SentinelOne Ties ShadowPad Hack to China-Backed Group
SentinelOne researchers have attributed recent intrusions involving the ShadowPad and PurpleHaze malware families to China-aligned threat actors, the company said. The firm stated that it made the link with "high confidence", a notably firm attribution for a campaign targeting networks across several countries.
ShadowPad, a modular backdoor framework, and PurpleHaze, a less widely documented but capable malware family, were deployed in intrusions whose tactics, techniques and procedures matched those of known China-associated operators. One caveat that applies to any such attribution: ShadowPad has been shared among several China-linked espionage groups for years, so its presence alone does not identify a specific group; the confidence SentinelOne reports rests on the wider overlap in infrastructure and tradecraft, not on the tool. SentinelOne's findings underscore the continuing threat from state-linked actors engaged in espionage and disruption.
The attribution adds to growing concern among governments and private organizations about the scale and scope of cyber operations originating from China. SentinelOne did not name the targets or industries affected but emphasized the sophistication of the tooling used in the campaigns. The report illustrates the role of threat intelligence in identifying nation-state activity and in distinguishing it from ordinary criminal intrusions.
