
New Report Reveals Chinese Hackers Attempted to Breach SentinelOne Servers



SentinelLABS has detailed a sophisticated reconnaissance operation targeting SentinelOne, a leading cybersecurity vendor, as part of a broader espionage campaign linked to China-nexus threat actors.

Tracked under the activity clusters PurpleHaze and ShadowPad, these operations spanned from July 2024 to March 2025, affecting over 70 organizations worldwide across sectors like government, media, manufacturing, finance, and telecommunications.

Figure: ShadowPad activity, June 2024 – March 2025

Persistent Threats from China-Nexus Actors Uncovered

The report sheds light on a rarely discussed aspect of cyber threats: the deliberate targeting of cybersecurity vendors, who are high-value targets due to their protective roles and deep visibility into client environments.

SentinelLABS confirmed that despite the persistent efforts, SentinelOne’s infrastructure, software, and hardware assets remained uncompromised, thanks to robust monitoring and rapid response mechanisms.

The PurpleHaze cluster, active between September and October 2024, included reconnaissance activities against SentinelOne’s Internet-facing servers, alongside intrusions ...


Copyright of this story solely belongs to gbhackers.