Introduction
PurpleHaze is a China-nexus threat actor tracked by SentinelLABS, linked to APT15, known for targeting critical infrastructure sectors such as telecommunications and government organizations. The actor has been associated with reconnaissance attempts against SentinelOne and has utilized ShadowPad, a modular backdoor platform, for cyberespionage and potential ransomware deployment. Investigations are ongoing to determine overlaps between ShadowPad intrusions and PurpleHaze activity, highlighting the extensive sharing of malware and operational practices among Chinese threat groups. The targeting of third-party service providers has raised significant concerns regarding operational security and supply chain monitoring.
Activities and Tactics
Country of Origin: 🇨🇳 China
Notable Campaigns
Information pending cataloguing.
Tactics, Techniques, and Procedures (TTPs)
Information pending cataloguing.
Notable Indicators of Compromise (IOCs)
No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.
Malware and Tools
- Backdoor.Oldrea
- China Chopper
- CyberGate
- Cyber Eye RAT
Attribution and Evidence
Country of Origin: China Additional attribution information pending cataloguing.
References
References pending cataloguing.