SentinelOne's analysis reveals that a China-nexus hacking group tracked as PurpleHaze conducted reconnaissance against its own infrastructure and some of its high-value customers. First observed in 2024, PurpleHaze is believed to have connections to APT15. The group has also targeted a government entity in South Asia, using an operational relay box (ORB) network and a Windows backdoor named GoReShell. The intrusion also reflects evolving tactics, including the use of ShadowPad, a versatile backdoor shared widely among China-linked cyber-espionage groups, which complicates both defense and attribution of these attacks.
"The use of ORB networks is a growing trend among these threat groups, since they can be rapidly expanded to create a dynamic and evolving infrastructure that makes tracking cyberespionage operations and their attribution challenging."
"PurpleHaze is assessed to be a hacking crew with loose ties to another state-sponsored group known as APT15, which is also tracked as Flea, Nylon Typhoon, and others."