SentinelOne’s security teams have thwarted ongoing cyberespionage activities by China-linked threat actors targeting cybersecurity vendors and other organizations. The attackers used well-known tools like ShadowPad and infrastructure associated with APT groups such as APT41 and APT15. #ShadowPad #APT41 #APT15 #PurpleHaze #NorthKorea
Key points
- SentinelOne successfully defended against persistent Chinese cyberespionage probes over the past year.
- The threat actors targeted multiple organizations, including a South Asian government agency and a European media group.
- Attack campaigns involved known malware like ShadowPad and infrastructure linked to APT41 and PurpleHaze.
- The attackers used sophisticated techniques such as SSH-in-WebSockets tunneling and rotating VPS networks for command-and-control.
- SentinelOne emphasizes the importance of disclosing near-misses to improve defenses across the industry and reduce its blind spots.