The security vendor says it has thwarted multiple attempted China-linked attacks targeting the company over the past year.

Researchers at SentinelOne disclosed Monday that the company has thwarted multiple attempted China-linked cyberattacks targeting the cybersecurity vendor over the past year.

The activity has included attempts directly targeting SentinelOne as well as a recent intrusion targeting an IT services and logistics firm, which had been handling hardware logistics for SentinelOne employees at the time.

“By disclosing details of the threat activities we have faced, we bring into focus an aspect of the threat landscape that has received limited attention in public cyber threat intelligence discourse: the targeting of cybersecurity vendors,” SentinelOne researchers wrote in a post Monday.

The attacks have been attributed with “high confidence to China-nexus actors,” according to the researchers, Aleksandar Milenkoski and Tom Hegel.

The team at SentinelOne’s SentinelLABS had observed a cluster of reconnaissance activities targeting SentinelOne in October 2024, which has been dubbed “PurpleHaze.” SentinelLABS successfully countered the operation, the researchers said.

Then in early 2025, the team also disrupted the attack targeting the hardware logistics provider, linked to an operation tracked as ShadowPad.

“A thorough investigation of SentinelOne’s infrastructure, software, and hardware assets confirmed that the attackers were unsuccessful and SentinelOne was not compromised by any of these activities,” Milenkoski and Hegel wrote in the post.

All in all, the attacks “span multiple partially related intrusions into different targets occurring between July 2024 and March 2025,” the researchers wrote.

While targets of the activity clusters have included an unspecified South Asian government, the targeting of a cybersecurity vendor is also notable, according to the SentinelLABS post.

The team’s aim is “to provide insight into the rarely discussed targeting of cybersecurity vendors” while also “helping to destigmatize” sharing of indicators of compromise tied to the campaigns, according to the researchers.

Ultimately, “cybersecurity companies are high-value targets for threat actors due to their protective roles, deep visibility into client environments, and ability to disrupt adversary operations,” the SentinelOne researchers wrote. “The findings detailed in this post highlight the persistent interest of China-nexus actors in these organizations.”