China-Linked Hackers Targeting Organizational Infrastructure and High-Value Clients
According to a leading U.S.-based cybersecurity firm, sophisticated cyber-espionage campaigns attributed to Chinese state-sponsored actors have come to light.
Tracked as the PurpleHaze activity cluster, these adversaries have targeted SentinelOne’s infrastructure alongside high-value organizations associated with its business ecosystem.
Uncovering the PurpleHaze Threat Cluster
SentinelLabs, the research arm of SentinelOne, identified this threat during a 2024 intrusion against a former hardware logistics provider for the company.
The PurpleHaze cluster, linked with high confidence to APT15 (also known as Nylon Typhoon), showcases a pattern of targeting critical sectors globally, including telecommunications, IT, and government entities.

Their operations leverage an extensive Operational Relay Box (ORB) network, a dynamic infrastructure operated from China that complicates attribution, and deploy malware like GoReShell, a Go-based backdoor utilizing reverse SSH connections for persistent access.
ShadowPad Intrusions and Supply Chain Risks
Further intensifying the threat, SentinelLabs uncovered related activity involving ShadowPad, a modular backdoor ...
Copyright of this story solely belongs to gbhackers.