China’s Cyber Trap Failed

How a failed breach on SentinelOne uncovered a global hacking campaign targeting 70+ critical infrastructure orgs.

Chinese state-backed hackers attempted to infiltrate cybersecurity firm SentinelOne by probing its servers and compromising an IT vendor. Though the breach failed, SentinelOne uncovered evidence of a larger, global campaign targeting over 70 organizations in sectors like government, telecom, healthcare, and energy.

The attackers, identified as operating under the PurpleHaze and ShadowPad groups, conducted operations from July 2024 to March 2025. Their tools included the GOREshell backdoor and software from The Hacker’s Choice, a first in nation-state activity. Victims ranged from a South Asian government agency to a European media firm; the intrusions often used overlapping infrastructure and techniques tied to the Chinese threat actors APT15 and UNC5174.

One alarming detail: through the vendor, the hackers had enough access to potentially infect laptops before shipping or to compromise OS images, either of which could have deeply exposed SentinelOne. SentinelOne emphasized that cybersecurity firms are increasingly high-value targets because of their visibility into client environments and their capability to counter adversaries.

