The cybersecurity company opens up about its direct encounters with digital threats in a newly released report.
SentinelOne, a company specializing in cybersecurity, has published a report detailing attempts by cybercriminals to infiltrate its systems. A successful breach of such a firm would potentially give attackers access to thousands of protected infrastructures around the world.
“We don’t just study attacks — we face them head-on. Our specialists confront the same threats they help others defend against. This experience shapes our mindset and approach to security,” the report notes.
While cyberattacks targeting cybersecurity vendors are often considered taboo topics within the industry, ongoing pressure on their defenses helps sharpen protection mechanisms.
Over the past several months, the company’s experts have fended off a wide range of attacks — from financially motivated criminal groups to highly sophisticated operations believed to be conducted by nation-state actors.
The Boldest Campaign: North Korean “Job Applicants”
The most elaborate and daring campaign was orchestrated by North Korean operatives. SentinelOne researchers discovered a vast network of IT specialists from the DPRK operating under fake identities. The attackers created around 360 well-crafted fake personas, each with realistic resumes, portfolios, and professional references.
More than 1,000 job applications were submitted to various technical roles within the company. In one astonishing case, the applicants even targeted SentinelOne’s own cyber intelligence division — the very team actively investigating their activity at the time.
Supply Chain Sabotage: Chinese ShadowPad Group
Another serious threat came from Chinese state-sponsored hackers. The ShadowPad group compromised a logistics partner responsible for hardware management, launching a supply chain attack.
Between July 2024 and March 2025, using stealthy malware known as ScatterBrain, the group infiltrated the systems of over 70 organizations worldwide, including industrial firms, government agencies, financial institutions, telecom companies, and research centers.
Ransomware with a Twist: Nitrogen’s Social Engineering
The third major threat involved ransomware groups, particularly the Nitrogen gang. Their tactic? Exploiting resellers with weak customer verification procedures. Using social engineering, they obtained legitimate licenses and gained access to security platforms — including SentinelOne’s own EDR system.
Once inside, they carefully studied the defense mechanisms, searched for ways to disable them, and developed techniques to evade intrusion detection.
Black Basta’s Trial-and-Error Infiltration
Meanwhile, the Black Basta group pursued a different approach. Rather than aiming for stealth, they systematically tested their malware against leading cybersecurity solutions.
Targets included tools from CrowdStrike, Carbon Black, Palo Alto Networks, and SentinelOne itself. They meticulously recorded the results of each test, refining their intrusion methods based on performance.
The Marketplace for Breach
Posts offering temporary or permanent access to security management consoles are increasingly common on underground forums — a stark reminder of how commoditized breaches have become.
A Shift in Defense
The wave of recent attacks prompted SentinelOne to rethink its defensive posture. The company implemented additional layers of protection and enhanced infrastructure-wide monitoring.
Special attention is now paid not just to securing internal assets but also to vetting every partner organization with access to critical systems and data.