Deployed PurpleHaze for broader espionage: Researchers reported that in October 2024, they detected and mitigated a reconnaissance operation targeting SentinelOne, which they identified as part of a broader activity cluster known as PurpleHaze.As noted earlier, this PurpleHaze activity shared infrastructure with the campaign behind the re-compromise of the South Asian government entity, suggesting a stronger connection, or collaboration, between three seemingly distinct threat campaigns, all aligned with Chinese espionage operations.”The PRC’s consistent use of advanced tradecraft and strategic targeting of security vendors like SentinelOne is not surprising; it is an extension of their broader cyber-espionage doctrine, where compromising trusted nodes provides disproportionate leverage in downstream operations,” said Heath Renfrow, CISO and Co-founder at Fenix24.Defenders are high-value targets, especially those with access to proprietary security tooling, threat intelligence, and client infrastructure, Renfrow added.Another key activity from the PurpleHaze campaign included the intrusion into a leading European media organization in September 2024, SentinelOne added.SentinelOne has shared a list of SHA Hashes, URLs, Domains, and IP Addresses as indicators of compromise (IOCs) for security teams to set detection for. An overall proactive approach with focused monitoring of the internet-facing assets is recommended to government and critical infrastructure organizations. “What’s needed is vigilance, strong defenses, and information sharingboth at the general awareness and specific TTP/IOC level,” BugCrowd’s Casey Ellis said, commenting on SentinelOne’s discovery.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4005061/china-linked-hackers-target-cybersecurity-firms-governments-in-global-espionage-campaign.html
