SentinelOne reports on a series of cyber intrusions linked to China-nexus threat actors, targeting organizations across the globe from July 2024 to March 2025. These activities involve reconnaissance, lateral movement, and exploitation, primarily by the PurpleHaze group and related clusters, with implications for government, media, and IT sectors. #PurpleHaze #UNC5174
Key points
- Multiple organizations across sectors such as government, manufacturing, and media were targeted from June 2024 to early 2025.
- The threat actor group PurpleHaze, linked to China-nexus entities, conducted reconnaissance and malware deployment activities.
- Attack tools such as ShadowPad and GoReShell were used, with some software initially developed by the hacking group THC.
- Vulnerabilities CVE-2024-8963 and CVE-2024-8190 were exploited before they were publicly disclosed.
- SentinelOne attributed the attacks to China-based infrastructure and linked the operation to the threat actor UNC5174.
Read More: https://thehackernews.com/2025/06/over-70-organizations-across-multiple.html