SentinelOne fends off a China-linked cyber assault and uncovers widespread infiltrations on a global scale.
In a startling revelation, cybersecurity firm SentinelOne has uncovered a series of cyber attacks targeting various sectors worldwide, including manufacturing, government, finance, telecommunications, research, energy, technology, food and agriculture, healthcare, and engineering. The attacks, which occurred between July 2024 and March 2025, were attributed to China-linked threat actors and involved malware such as PurpleHaze and ShadowPad.
The report by SentinelOne focuses on two clusters of activity: one in October 2024 and another in early 2025. The October 2024 activity cluster was linked to the PurpleHaze threat actor, while the early 2025 intrusion was attributed to the China-linked ShadowPad malware.
The operatives behind the October 2024 attack on a South Asian government agency used infrastructure associated with China and chained together two Ivanti vulnerabilities - CVE-2024-8963 and CVE-2024-8190. A few weeks before these attacks, China-linked operatives had hacked a European media company, using similar tactics.
The early 2025 intrusion was particularly noteworthy as it targeted over 70 organizations across various sectors. This attack was attributed to the China-linked ShadowPad malware, and the tactic of chaining together these Ivanti flaws suggests the involvement of UNC5174, a contractor for China's Ministry of State Security that specializes in initial access and vulnerability exploitation.
SentinelOne has high confidence that China was responsible for the PurpleHaze and ShadowPad activity. The company assessed that the intrusions were carried out either by the same actor or by separate actors supplied by a single third party, based on significant overlaps in infrastructure management and in domain creation and naming practices.
The attempts to breach SentinelOne itself involved surveilling one of the company's servers and hacking one of its IT vendors. Had they succeeded, the attackers could have caused significant damage by compromising its hardware supplier: infecting employee laptops, tampering with OS images, or using the vendor as a collection source for employee location and personal details.
In January, CISA warned about threat actors chaining together the two Ivanti flaws, and SentinelOne's findings underscore the importance of heeding such warnings. The company is highlighting the PurpleHaze and ShadowPad activity to raise awareness of how often hackers target security vendors.
These attacks involved the use of the GOREshell backdoor and open-source tools provided by a collective called The Hacker's Choice (THC). The hackers connected to SentinelOne's internet-facing server for reconnaissance in October 2024.
As the world becomes increasingly reliant on digital infrastructure, the threat of cyber attacks becomes more pronounced. This report serves as a stark reminder of the need for vigilance and robust cybersecurity measures to protect critical infrastructure and sensitive data.