This report uncovers a set of related threat clusters linked to PurpleHaze and ShadowPad operators targeting organizations, including cybersecurity vendors.| SentinelOne
An unknown threat cluster, Green Nailao, has been actively targeting European organizations, particularly in the healthcare sector, between June and October 2024. Tracked by Orange Cyberdefense CERT, this campaign exploited CVE-2024-24919 on vulnerable Check Point Security Gateways to deploy ShadowPad and PlugX, two implants linked to China-nexus cyber intrusions. Our reverse-engineering team uncovered a highly obfuscated ShadowPad variant using Windows services and registry keys for persiste...| www.orangecyberdefense.com
This report highlights a rarely-discussed but crucially important attack surface: security vendors themselves.| SentinelOne
