SentinelLABS discovered that around 75 companies, including a European media group and a South Asian government entity, have been targeted by malware linked to China. The discovery was triggered by recent attacks on SentinelOne's own servers. The investigation focused on incidents from mid-2024 to early 2025 and found that the attackers were using the ShadowPad malware for espionage. SentinelOne's researchers have associated these attacks with the known Chinese cyber groups APT15 and UNC5174, which they interpret as Chinese pre-conflict cyber reconnaissance.
We tend to prioritize China, and seeing them start to poke at our own products, our own infrastructure, that immediately raises the red flag for us.
We started to hunt for it globally, look at their infrastructure and identify those other victims.
SentinelOne has dubbed 'PurpleHaze' a series of intrusions between July 2024 and March 2025 involving ShadowPad malware and post-exploitation espionage activity.
We loosely associate some PurpleHaze intrusions with actors that overlap with the suspected Chinese cyberespionage groups publicly reported as APT15 and UNC5174.