Summary: Cybersecurity company SentinelOne has reported that the threat cluster PurpleHaze, which has links to the state-sponsored group APT15, has targeted its infrastructure and high-value clients using advanced cyberattack methods. The attackers used operational relay boxes and malicious backdoors to infiltrate a South Asian government entity, which made tracking their cyber activities considerably harder. Additionally, SentinelOne noted rising threats from North Korea-aligned groups and ransomware operators aiming to exploit enterprise security tools.
Affected: SentinelOne and its high-value customers, along with a South Asian government entity.
Key points:
- PurpleHaze is linked to state-sponsored hacking group APT15 and has conducted reconnaissance on SentinelOne and its clients.
- The group has employed an operational relay box and the GoReShell backdoor, complicating attribution and tracking of cyberespionage operations.
- SentinelOne observed attempts by North Korean operatives and ransomware groups targeting its defenses and leveraging fake identities to gain access to enterprise security tools.
Source: https://thehackernews.com/2025/04/sentinelone-uncovers-chinese-espionage.html