TZUTC: -0500   
   MSGID: 1084.consprcy@1:2320/105 2c78ce55   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   SentinelOne targeted by Chinese espionage campaign probing customers and   
   infrastructure   
      
   Date:   
   Wed, 30 Apr 2025 15:00:00 +0000   
      
   Description:   
   Chinese and North Korean state-sponsored actors are trying really hard to   
   wiggle their way into SentinelOne and its high-value clients.   
      
   FULL STORY   
      
   North Korean and Chinese state-sponsored threat actors have been targeting   
   SentinelOne and its clients, the company claimed in a recent analysis.    
      
   SentinelOne is a cybersecurity company providing autonomous endpoint   
   protection using artificial intelligence (AI) and machine learning (ML).    
      
   Its clients include Fortune 10 and Global 2000 enterprises, government   
   agencies, and managed service providers, across different industries. Some of   
   the more notable names include Amazon, Samsung, and Bloomberg.   
      
   The Chinese are there, too   
      
   In a new article titled Top Tier Target | What It Takes to Defend a   
   Cybersecurity Company from Todays Adversaries, authors Tom Hegel, Aleksandar   
   Milenkoski, and Jim Walter explained that in the last couple of months,   
   cybercriminals from North Korea were persistently trying to get a job in the   
   company. The company said it is now tracking some 360 fake personas and more   
   than 1,000 job applications linked to DPRK IT worker operations applying for   
   roles at SentinelOne and SentinelLabs Intelligence.    
      
   At the same time, Chinese actors were trying to conduct cyber-espionage, not   
   just against SentinelOne, but its high-value clients, as well.    
      
   One notable set of activity, occurring over the previous months, involved   
   reconnaissance attempts against SentinelOnes infrastructure and specific high   
   value organizations we defend, the authors said. We first became aware of    
   this threat cluster during a 2024 intrusion conducted against an organization   
   previously providing hardware logistics services for SentinelOne employees.    
      
   The researchers said the group running these attacks is called PurpleHaze, a   
   threat actor that was also seen targeting a South Asian government-supporting   
   entity in late 2024. In this attack, it used an operational relay box (ORB)   
   network and the GoReShell Windows backdoor .    
      
   "The use of ORB networks is a growing trend among these threat groups, since   
   they can be rapidly expanded to create a dynamic and evolving infrastructure   
   that makes tracking cyberespionage operations and their attribution   
   challenging," the researchers stressed.    
      
    Via The Hacker News   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/sentinelone-targeted-by-chinese-espiona   
   ge-campaign-probing-customers-and-infrastructure   
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30   
   SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35   
   PATH: 2320/105 229/426