SentinelOne, an American endpoint protection solutions provider, was targeted in a supply chain attack by Chinese hackers. The attack involved exploiting vulnerabilities in network devices and using malware to gain access to the company's systems. The hackers aimed to compromise SentinelOne's infrastructure to access downstream corporate networks and develop evasion methods. Despite the attempts, SentinelOne reported no compromise of its software or hardware.
TPRM report: https://scoringcyber.rankiteo.com/company/sentinelone
{
  "id": "sen302060925",
  "linkid": "sentinelone",
  "type": "Cyber Attack",
  "date": "6/2025",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization's existence"
}
{'affected_entities': [{'industry': 'Cybersecurity',
                        'location': 'United States',
                        'name': 'SentinelOne',
                        'type': 'Cybersecurity Firm'}],
 'attack_vector': ['Exploitation of exposed network devices',
                   'PowerShell-based exfiltration script'],
 'data_breach': {'data_exfiltration': 'PowerShell-based exfiltration script'},
 'date_detected': 'April 2024',
 'description': 'Chinese hackers attempted a supply chain attack on SentinelOne through an IT services and logistics firm managing hardware logistics for the cybersecurity firm.',
 'initial_access_broker': {'backdoors_established': ['GOREshell backdoor', 'ShadowPad malware'],
                           'entry_point': ['Exploitation of Check Point gateway devices'],
                           'high_value_targets': ['SentinelOne', 'South Asian government'],
                           'reconnaissance_period': 'September and October 2024'},
 'investigation_status': 'No compromise detected on SentinelOne software or hardware',
 'lessons_learned': 'The threat posed by China-nexus cyberespionage actors to a wide range of industries and public sector organizations, including cybersecurity vendors themselves. The activities reflect the strong interest these actors have in the very organizations tasked with defending digital infrastructure.',
 'motivation': 'Cyberespionage and potential supply chain compromise',
 'post_incident_analysis': {'root_causes': 'Exploitation of vulnerabilities in exposed network devices'},
 'references': [{'source': 'SentinelLabs'}],
 'threat_actor': ['APT15', 'UNC5174', 'APT41'],
 'title': 'Attempted Supply Chain Attack on SentinelOne',
 'type': 'Supply Chain Attack',
 'vulnerability_exploited': ['Check Point gateway devices',
                             'Ivanti Cloud Service Appliances',
                             'Fortinet Fortigate',
                             'Microsoft IIS',
                             'SonicWall',
                             'CrushFTP servers']}