North Korean and Chinese state-sponsored threat actors have been targeting SentinelOne and its clients, the company claimed in a recent analysis.
SentinelOne is a cybersecurity company providing autonomous endpoint protection using artificial intelligence (AI) and machine learning (ML).
Its clients include Fortune 10 and Global 2000 enterprises, government agencies, and managed service providers, across different industries. Some of the more notable names include Amazon, Samsung, and Bloomberg.
The Chinese are there, too
In a new article titled “Top Tier Target | What It Takes to Defend a Cybersecurity Company from Today’s Adversaries”, authors Tom Hegel, Aleksandar Milenkoski, and Jim Walter explained that in the last couple of months, cybercriminals from North Korea were persistently trying to get a job in the company. The company said it is now tracking some 360 fake personas and more than 1,000 job applications linked to DPRK IT worker operations applying for roles at SentinelOne and SentinelLabs Intelligence.
At the same time, Chinese actors were trying to conduct cyber-espionage, not just against SentinelOne, but its high-value clients, as well.
“One notable set of activity, occurring over the previous months, involved reconnaissance attempts against SentinelOne’s infrastructure and specific high value organizations we defend,” the authors said. “We first became aware of this threat cluster during a 2024 intrusion conducted against an organization previously providing hardware logistics services for SentinelOne employees.”
The researchers said the group running these attacks is called PurpleHaze, a threat actor that was also seen targeting a South Asian government-supporting entity in late 2024. In this attack, it used an operational relay box (ORB) network and the GoReShell Windows backdoor.
“The use of ORB networks is a growing trend among these threat groups, since they can be rapidly expanded to create a dynamic and evolving infrastructure that makes tracking cyberespionage operations and their attribution challenging,” the researchers stressed.
Via The Hacker News
You might also like
- Chinese government hackers allegedly spent years undetected in foreign phone networks
- Take a look at our guide to the best authenticator app
- We’ve rounded up the best password managers