SentinelLABS identified and defended against targeted reconnaissance operations in late 2024 and disrupted further intrusions in early 2025, attributing these to the PurpleHaze and ShadowPad clusters. Despite a thorough investigation, the attackers failed to compromise SentinelOne's systems. The research indicates that China-nexus threat actors have expanded their operations across multiple sectors, with significant intrusions occurring over several months. Security experts emphasized the importance of vigilance, strong defenses, and sharing threat intelligence to combat these ongoing threats.
What SentinelOne is seeing now is classic China-nexus activity - it echoes exactly what was tracked during the Pacific Rim attacks when I led the defense activity at Sophos.
What's needed is vigilance, strong defenses, and information sharing just like this advisory - both at the general awareness and specific TTP/IOC level.
SentinelOne have long been on the leading edge of studying, analyzing, and disseminating threat intelligence around China-nexus actors, and this report demonstrates that the need to do so is only continuing to ramp up.
The SentinelOne incident underscores a long-standing truth in cybersecurity: defenders are high-value targets and must adapt their strategies continuously to protect critical infrastructure.