SentinelOne Snafu: China's Cyber Spree Snags Security Sweetheart! episode artwork

EPISODE · Jun 17, 2025 · 4 MIN

SentinelOne Snafu: China's Cyber Spree Snags Security Sweetheart!

from Digital Dragon Watch: Weekly China Cyber Alert · host Inception Point AI

This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. Welcome back to Digital Dragon Watch: Weekly China Cyber Alert. I’m Ting, your resident cyber-nerd with a soft spot for dumplings and zero tolerance for zero-days. Let’s power on to the biggest China-linked cybersecurity shake-ups of the week, and trust me, this one’s got everything: espionage, purple haze, and some seriously rattled supply chains. The headline grabber? SentinelOne—yes, the same cybersecurity company that’s supposed to be protecting everyone else—found itself smack dab in the crosshairs. Over the past nine months, more than 70 organizations across manufacturing, government, finance, telecom, and research were breached by China-nexus threat actors, with SentinelOne confirming it was hit through its own IT vendor. This was no drive-by: attackers hung out in some networks for weeks or months, mapping out targets and, in some cases, coming close to infecting employee laptops and collecting personal details before SentinelOne locked things down. If you’re wondering who’s behind the curtain, meet PurpleHaze and ShadowPad—two clusters with strong ties to China’s infamous APT15 and UNC5174 groups. These folks are pros. PurpleHaze was caught snooping around SentinelOne internet-facing servers last October, using reconnaissance and mapping tactics in preparation for follow-on attacks. There’s also evidence that the same actors poked at a South Asian government agency and what looks like a European media company, suggesting this is much bigger than just one North American target. Let’s zoom out: CrowdStrike’s latest threat report puts numbers to the madness. China-linked cyber activity surged 150% in the past year, with industrial, financial, and media sectors seeing attacks rise as much as 300%. Seven new Chinese APTs were spotlighted in 2024 alone. The real kicker? 75% of intrusions are now “malware-free,” relying on credential theft and hands-on-keyboard attacks that sidestep traditional security tools. Most cloud attacks come from abusing valid accounts, with cloud intrusions up 26% this year. Attackers are leveraging generative AI for hyper-realistic phishing and moving through networks at record speed—fastest breakout in just 51 seconds. How is Uncle Sam responding? US agencies are reinforcing supply chain checks and demanding stricter controls for third-party IT vendors—a lesson straight out of the SentinelOne playbook. Meanwhile, cybersecurity experts like Aleksandar Milenkoski and Tom Hegel at SentinelOne urge organizations to audit exposed infrastructure, monitor for unusual access, and double down on identity management. The golden rule: assume breach, verify everything. My advice? Get serious about credential hygiene, beef up cloud security, and treat vendor access like a loaded crossbow. And if you see someone named PurpleHaze sniffing around your network, it’s time to hit DEFCON 1. That’s a wrap for this week’s China cyber gauntlet. Stay paranoid, patc This content was created in partnership and with the help of Artificial Intelligence AI.

This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. Welcome back to Digital Dragon Watch: Weekly China Cyber Alert. I’m Ting, your resident cyber-nerd with a soft spot for dumplings and zero tolerance for zero-days. Let’s power on to the biggest China-linked cybersecurity shake-ups of the week, and trust me, this one’s got everything: espionage, purple haze, and some seriously rattled supply chains. The headline grabber? SentinelOne—yes, the same cybersecurity company that’s supposed to be protecting everyone else—found itself smack dab in the crosshairs. Over the past nine months, more than 70 organizations across manufacturing, government, finance, telecom, and research were breached by China-nexus threat actors, with SentinelOne confirming it was hit through its own IT vendor. This was no drive-by: attackers hung out in some networks for weeks or months, mapping out targets and, in some cases, coming close to infecting employee laptops and collecting personal details before SentinelOne locked things down. If you’re wondering who’s behind the curtain, meet PurpleHaze and ShadowPad—two clusters with strong ties to China’s infamous APT15 and UNC5174 groups. These folks are pros. PurpleHaze was caught snooping around SentinelOne internet-facing servers last October, using reconnaissance and mapping tactics in preparation for follow-on attacks. There’s also evidence that the same actors poked at a South Asian government agency and what looks like a European media company, suggesting this is much bigger than just one North American target. Let’s zoom out: CrowdStrike’s latest threat report puts numbers to the madness. China-linked cyber activity surged 150% in the past year, with industrial, financial, and media sectors seeing attacks rise as much as 300%. Seven new Chinese APTs were spotlighted in 2024 alone. The real kicker? 75% of intrusions are now “malware-free,” relying on credential theft and hands-on-keyboard attacks that sidestep traditional security tools. Most cloud attacks come from abusing valid accounts, with cloud intrusions up 26% this year. Attackers are leveraging generative AI for hyper-realistic phishing and moving through networks at record speed—fastest breakout in just 51 seconds. How is Uncle Sam responding? US agencies are reinforcing supply chain checks and demanding stricter controls for third-party IT vendors—a lesson straight out of the SentinelOne playbook. Meanwhile, cybersecurity experts like Aleksandar Milenkoski and Tom Hegel at SentinelOne urge organizations to audit exposed infrastructure, monitor for unusual access, and double down on identity management. The golden rule: assume breach, verify everything. My advice? Get serious about credential hygiene, beef up cloud security, and treat vendor access like a loaded crossbow. And if you see someone named PurpleHaze sniffing around your network, it’s time to hit DEFCON 1. That’s a wrap for this week’s China cyber gauntlet. Stay paranoid, patc This content was created in partnership and with the help of Artificial Intelligence AI.

NOW PLAYING

SentinelOne Snafu: China's Cyber Spree Snags Security Sweetheart!

0:00 4:05

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

No similar episodes found.

No similar podcasts found.

Frequently Asked Questions

How long is this episode of Digital Dragon Watch: Weekly China Cyber Alert?

This episode is 4 minutes long.

When was this Digital Dragon Watch: Weekly China Cyber Alert episode published?

This episode was published on June 17, 2025.

What is this episode about?

This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. Welcome back to Digital Dragon Watch: Weekly China Cyber Alert. I’m Ting, your resident cyber-nerd with a soft spot for dumplings and zero tolerance for zero-days. Let’s power on...

Can I download this Digital Dragon Watch: Weekly China Cyber Alert episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!