- SentinelOne says it identified hundreds of fake personas applying for jobs at the company
- At the same time, Chinese state-sponsored actors are targeting the company and its clients
- Threat actors are also targeting government-aligned organizations in South Asia
North Korean and Chinese state-sponsored threat actors have been targeting SentinelOne and its clients, the company said in a recent analysis.
SentinelOne is a cybersecurity company that provides autonomous endpoint protection using artificial intelligence (AI) and machine learning (ML).
Its clients include Fortune 10 and Global 2000 enterprises, government agencies and managed service providers across different industries. Some of the most notable names include Amazon, Samsung and Bloomberg.
The Chinese are also there
In a new article entitled “Top Tier Target | What It Takes to Defend a Cybersecurity Company from Today’s Adversaries”, authors Tom Hegel, Aleksandar Milenkoski and Jim Walter explained that in recent months, North Korean cyber actors were persistently trying to get jobs at the company. The company said that it is now tracking about 360 fake personas and more than 1,000 job applications linked to DPRK IT worker operations applying for roles at SentinelOne and SentinelLabs Intelligence.
At the same time, Chinese actors were trying to carry out cyber espionage, not only against SentinelOne, but also against its high-value clients.
“A notable set of activity, which occurred during the previous months, involved attempts to recognize SentinelOne infrastructure and specific high-value organizations that we defend,” said the authors. “We first became aware of this threat cluster during a 2024 intrusion against an organization that previously provided hardware logistics services for SentinelOne employees.”
The researchers said that the group behind these attacks is called PurpleHaze, a threat actor that also targeted an entity supporting a South Asian government at the end of 2024. In that attack, it used an operational relay box (ORB) network and the GoReShell Windows backdoor.
“The use of ORB networks is a growing trend among these threat groups, since they can be rapidly expanded to create a dynamic and evolving infrastructure that makes the follow-up of cyber operations and their attribution challenging,” the researchers emphasized.
Via The Hacker News