- SentinelOne says it has identified hundreds of fake personas applying for jobs at the company
- At the same time, Chinese state-sponsored actors are targeting both the company and its customers
- Threat actors are also targeting government-aligned companies in South Asia
North Korean and Chinese state-sponsored threat actors targeted SentinelOne and its customers, the company said in a recent analysis.
SentinelOne is a cybersecurity company offering autonomous endpoint protection using artificial intelligence (AI) and machine learning (ML).
Its customers include Fortune 10 and Global 2000 enterprises, government agencies and managed service providers across different industries. Some of the most notable names include Amazon, Samsung and Bloomberg.
The Chinese are there too
In a new article entitled “Top-Tier Target | What It Takes to Defend a Cybersecurity Company from Today’s Adversaries,” the authors Tom Hegel, Aleksandar Milenkoski and Jim Walter explained that in the last two months, cybercriminals from North Korea attempted to get a job at the company. The company said that it now tracks some 360 fake personas and more than 1,000 job applications linked to DPRK IT worker operations applying for roles at SentinelOne and SentinelLabs Intelligence.
At the same time, Chinese actors tried to conduct cyber-espionage, not only against SentinelOne but also against its high-value customers.
“A notable set of activity, occurring in previous months, involved attempts to conduct reconnaissance against the SentinelOne infrastructure and specific organizations that we defend,” said the authors. “We first became aware of this cluster of threats during an intrusion in 2024 carried out against an organization previously providing material logistics services to the employees of SentinelOne.”
The researchers said that the group behind these attacks is called PurpleHaze, a threat actor that was also seen targeting a South Asian government-supporting entity at the end of 2024. In this attack, it used an operational relay box (ORB) network and the GoReShell Windows backdoor.
“The use of ORB networks is an increasing trend among these threat groups, as they can be widened quickly to create a dynamic and evolving infrastructure which makes cyberespionage operations and their attribution difficult,” said researchers.
Via The Hacker News