- SentinelOne says it identified hundreds of fake people who applied for a job at the company
- At the same time, Chinese state-sponsored actors are targeting both the company and its clients
- The threat actors are also targeting state companies in South Asia
North Korean and Chinese state-sponsored threat actors have been targeting SentinelOne and its clients, the company claimed in a recent analysis.
SentinelOne is a cyber security company that delivers autonomous endpoint protection using artificial intelligence (AI) and machine learning (ML).
Its clients include Fortune 10 and Global 2000 enterprises, government agencies and managed service providers, across different industries. Some of the more notable names include Amazon, Samsung and Bloomberg.
The Chinese are there too
In a new article entitled “Top Tier Target | What it takes to defend a cyber security company from today’s opponents,” authors Tom Hegel, Aleksandar Milenkoski, and Jim Walter explained that cyber criminals from North Korea have tried over the last few months to get a job at the company. The company said it is now tracking around 360 fake people and more than 1,000 job applications linked to DPRK IT worker operations applying for roles at SentinelOne and SentinelLabs intelligence.
At the same time, Chinese actors tried to perform cyber espionage, not only against SentinelOne, but also against its high-value clients.
“A remarkable set of activity that occurred in previous months involved reconnaissance attempts against SentinelOne’s infrastructure and specific organizations with high value that we defend,” the authors said. “We first became aware of this threat cluster during a 2024 penetration that was performed against an organization that previously provided hardware login services to SentinelOne employees.”
The researchers said the group behind these attacks is called PurpleHaze, a threat actor that was also seen targeting a South Asian government-supporting entity at the end of 2024. In that attack, it used an operational relay box (ORB) network and the GoReShell Windows backdoor.
“The use of ORB networks is a growing trend among these threat groups as they can quickly be expanded to create a dynamic and evolving infrastructure that makes the tracing of cyber espionage operations and their attribution challenging,” the researchers emphasized.
Via The Hacker News