SentinelOne has disclosed a series of cyberattacks targeting its own infrastructure and its clients, including espionage attempts by a China-linked group tracked as PurpleHaze. The company first detected the threat in 2024 during an intrusion against an organization that provides hardware logistics services for SentinelOne employees. PurpleHaze, believed to have connections to the state-sponsored group APT15, conducted reconnaissance on SentinelOne's systems and on high-value customers using the GoReShell backdoor.

SentinelOne also uncovered efforts by North Korean IT workers to infiltrate the company through fake job applications: over 1,000 applications from approximately 360 fake personas.

The firm further reported that ransomware operators, including a group called Nitrogen run by a Russian national, are acquiring enterprise security tools like SentinelOne's so they can test their malware against them and evade detection. Nitrogen uses sophisticated social engineering tactics, including setting up lookalike domains and spoofed email addresses, to purchase legitimate licenses for security products.

The ShadowPad backdoor, obfuscated with the ScatterBrain compiler, was used in attacks targeting over 70 organizations across sectors including manufacturing, government, finance, telecommunications, and research. SentinelOne noted an active underground economy around "EDR Testing-as-a-Service," in which attackers evaluate malware against various endpoint protection platforms to refine their evasion techniques.
Uncover how to bridge the security language gap on Day 2 at #RSAC, revealing strategies to transform complex threat intelligence into clear, board-ready insights for proactive governance. Join the session: https://t.co/EG93AR0smz. #CloudflareRSAC https://t.co/6NhWqyTjSo
Great to be in San Francisco at the annual @RSAsecurity Conference seeing so many public and private cyber security players driving this next generation of software spending with the AI Revolution a key driver and topic in our meetings 🔥🏆🐂🍿 https://t.co/GiKCYOPY15
Cybersecurity companies don’t just defend their customers against cyberattacks — they also have to defend themselves, and a SentinelOne report published Monday examines some of the biggest threats they’re facing. https://t.co/Jwla7EgqRl https://t.co/7yxm56Bpe0