1. Forum
  2. FidoNet
  3. CONSPRCY

  • SentinelOne targeted by C

    From Mike Powell@1:2320/105 to All on Thursday, May 01, 2025 10:09:00
    SentinelOne targeted by Chinese espionage campaign probing customers and infrastructure

    Date:
    Wed, 30 Apr 2025 15:00:00 +0000

    Description:
    Chinese and North Korean state-sponsored actors are trying really hard to wiggle their way into SentinelOne and its high-value clients.

    FULL STORY

    North Korean and Chinese state-sponsored threat actors have been targeting SentinelOne and its clients, the company claimed in a recent analysis.

    SentinelOne is a cybersecurity company providing autonomous endpoint
    protection using artificial intelligence (AI) and machine learning (ML).

    Its clients include Fortune 10 and Global 2000 enterprises, government agencies, and managed service providers, across different industries. Some of the more notable names include Amazon, Samsung, and Bloomberg.

    The Chinese are there, too

    In a new article titled Top Tier Target | What It Takes to Defend a Cybersecurity Company from Todays Adversaries, authors Tom Hegel, Aleksandar Milenkoski, and Jim Walter explained that in the last couple of months, cybercriminals from North Korea were persistently trying to get a job in the company. The company said it is now tracking some 360 fake personas and more than 1,000 job applications linked to DPRK IT worker operations applying for roles at SentinelOne and SentinelLabs Intelligence.

    At the same time, Chinese actors were trying to conduct cyber-espionage, not just against SentinelOne, but its high-value clients, as well.

    One notable set of activity, occurring over the previous months, involved reconnaissance attempts against SentinelOnes infrastructure and specific high value organizations we defend, the authors said. We first became aware of
    this threat cluster during a 2024 intrusion conducted against an organization previously providing hardware logistics services for SentinelOne employees.

    The researchers said the group running these attacks is called PurpleHaze, a threat actor that was also seen targeting a South Asian government-supporting entity in late 2024. In this attack, it used an operational relay box (ORB) network and the GoReShell Windows backdoor .

    "The use of ORB networks is a growing trend among these threat groups, since they can be rapidly expanded to create a dynamic and evolving infrastructure that makes tracking cyberespionage operations and their attribution challenging," the researchers stressed.

    Via The Hacker News

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/sentinelone-targeted-by-chinese-espiona ge-campaign-probing-customers-and-infrastructure

    $$
    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)