Follow the Smoke | China-nexus Threat Actors Hammer At the Doors of Top Tier Targets
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
The research describes China-nexus threat actors' targeting of SentinelOne and other organizations between 2024 and 2025. It details intrusions into an IT services company that manages SentinelOne's hardware logistics, as well as reconnaissance of SentinelOne's servers. The attacks involved ShadowPad malware and a cluster of activity dubbed PurpleHaze, which included the use of GOREshell backdoors and the exploitation of vulnerabilities. Over 70 organizations worldwide were compromised in a broad ShadowPad operation. The threat actors employed sophisticated techniques such as operational relay box networks and custom obfuscation methods. The research emphasizes the persistent threat that Chinese cyberespionage poses to various sectors, including cybersecurity vendors.
OPENCTI LABELS:
vulnerabilities, shadowpad, obfuscation, cve-2024-1709, infrastructure, cyberespionage, unc5174, reconnaissance, backdoors, cve-2023-46747, cve-2024-8190, cve-2024-8963, goreshell, nailaolocker, apt15, nimbo-c2