Cybersecurity vendors are themselves under attack by hackers, SentinelOne says | CyberScoop<\/title> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/cybersecurity-vendors-are-under-attack-sentinelone-says\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Cybersecurity vendors are themselves under attack by hackers, SentinelOne says\"> <meta property=\"og:description\" content=\"\u201cIt\u2019s practically taboo\u201d for cyber firms to talk about being targeted, but SentinelLabs said in a new report that it has observed multiple threats.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/cybersecurity-vendors-are-under-attack-sentinelone-says\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2025-04-28T16:41:22+00:00\"> <meta property=\"article:modified_time\" content=\"2025-04-28T16:41:25+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/cybersecurity-vendors-are-themselves-under-attack-by-hackers-sentinelone-says-2.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1280\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Tim Starks\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@timstarks\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1744740145g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1745421713g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1740691656g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=a815169637cf454b7376\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/84334\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.8\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=84334\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fcybersecurity-vendors-are-under-attack-sentinelone-says%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fcybersecurity-vendors-are-under-attack-sentinelone-says%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-84334 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/cybersecurity-vendors-are-under-attack-sentinelone-says\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--event js-stickybar\">\n<div class=\"stickybar__details\" readability=\"4.9180327868852\">\n<div class=\"stickybar__info js-sticky-bar-content\" readability=\"32\">\n<p>Voting is open for the 2025 CyberScoop 50 awards!<\/p>\n<\/div>\n<p> <a class=\"stickybar__link button button-tertiary\" href=\"https:\/\/cyberscoop.com\/cyberscoop50\/\">Click here!<\/a> <\/div>\n<p> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"26.035714285714\">\n<div class=\"single-article__header-content\" readability=\"35.429245283019\">\n<p> \u201cIt\u2019s practically taboo\u201d for cyber firms to talk about being targeted, but SentinelLabs said in a new report that it has observed multiple threats. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/84334\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/cybersecurity-vendors-are-themselves-under-attack-by-hackers-sentinelone-says.jpg?resize=640%2C426&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt=\"SentinelOne\" decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/cybersecurity-vendors-are-themselves-under-attack-by-hackers-sentinelone-says-2.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/cybersecurity-vendors-are-themselves-under-attack-by-hackers-sentinelone-says-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/cybersecurity-vendors-are-themselves-under-attack-by-hackers-sentinelone-says-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/cybersecurity-vendors-are-themselves-under-attack-by-hackers-sentinelone-says-2.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/cybersecurity-vendors-are-themselves-under-attack-by-hackers-sentinelone-says-2.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/cybersecurity-vendors-are-themselves-under-attack-by-hackers-sentinelone-says-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/cybersecurity-vendors-are-themselves-under-attack-by-hackers-sentinelone-says-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/cybersecurity-vendors-are-themselves-under-attack-by-hackers-sentinelone-says-2.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/cybersecurity-vendors-are-themselves-under-attack-by-hackers-sentinelone-says-2.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/cybersecurity-vendors-are-themselves-under-attack-by-hackers-sentinelone-says-2.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> The SentinelOne sign outside the New York Stock Exchange in 2021. (SentinelOne) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"27.517732847199\"><body readability=\"58.627111984283\"><\/p>\n<p>Cybersecurity companies don\u2019t just defend their customers against cyberattacks \u2014 they also have to defend themselves, and a SentinelOne report published Monday examines some of the biggest threats they\u2019re facing.<\/p>\n<p>Those include ransomware, Chinese government-sponsored hackers and North Korean IT workers posing as job applicants, according to <a href=\"https:\/\/www.sentinelone.com\/labs\/top-tier-target-what-it-takes-to-defend-a-cybersecurity-company-from-todays-adversaries\/\">the report<\/a> from SentinelOne\u2019s SentinelLabs.<\/p>\n<p>\u201cIn recent months, SentinelOne has observed and defended against a spectrum of attacks from financially motivated crimeware to tailored campaigns by advanced nation-state actors,\u201d the report reads. \u201cThese incidents were real intrusion attempts against a U.S.-based cybersecurity company by adversaries, but incidents such as these are neither new nor unique to SentinelOne.\u201d<\/p>\n<p>Cybersecurity firms can make an attractive target for hackers, despite the perception that a company that protects others might be better at protecting their own networks and systems. FireEye <a href=\"https:\/\/cyberscoop.com\/fireeye-russia-solarwinds-kevin-mandia-postcard\/\">famously discovered<\/a> the <a href=\"https:\/\/cyberscoop.com\/tag\/solarwinds\/\">notorious SolarWinds hacking campaign<\/a> hacking campaign when it realized that it itself was a victim.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cTalking about being targeted is uncomfortable for any organization. For cybersecurity vendors, it\u2019s practically taboo,\u201c the SentinelOne report states. \u201cBut the truth is security vendors sit at an interesting cross-section of access, responsibility, and attacker ire that makes us prime targets for a variety of threat actors, and the stakes couldn\u2019t be higher.<\/p>\n<p>\u201cWhen adversaries compromise a security company, they don\u2019t just breach a single environment \u2014 they potentially gain insight into how thousands of environments and millions of endpoints are protected,\u201d it continues.<\/p>\n<p>So, for instance, SentinelOne said it had tracked roughly 360 fake personas and 1,000 job applicants with links to <a href=\"https:\/\/cyberscoop.com\/tag\/north-korean-it-workers\/\">North Korean IT worker operations<\/a> applying for SentinelOne jobs \u2014 including those trying to get jobs on the SentinelLabs intelligence engineering team. In investigating the campaign, SentinelOne concluded that there was value in sharing threat info with different, non-investigative teams \u2014 in this case, recruiters.<\/p>\n<p>Ransomware operators have targeted SentinelOne as part of an underground economy geared toward buying, selling or renting access to enterprise security tools. They include a group operated by a Russian national.<\/p>\n<p>Chinese state-sponsored hackers targeting the company include a group known for targeting critical infrastructure around the globe, such as telecommunications, IT and government organizations.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\">\n<div class=\"author-card\" readability=\"7.7216117216117\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/cybersecurity-vendors-are-themselves-under-attack-by-hackers-sentinelone-says-1.jpg?w=640&ssl=1\" alt=\"Tim Starks\"> <\/figure>\n<\/p><\/div>\n<div class=\"author-card__details\" readability=\"10.901098901099\">\n<h4 class=\"author-card__name\">Written by Tim Starks<\/h4>\n<p> Tim Starks is senior reporter at CyberScoop. His previous stops include working at The Washington Post, POLITICO and Congressional Quarterly. An Evansville, Ind. native, he’s covered cybersecurity since 2003. Email Tim here: <a href=\"mailto:tim.starks@cyberscoop.com\">tim.starks@cyberscoop.com<\/a>. <\/div>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/cybersecurity-vendors-are-under-attack-sentinelone-says\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cybersecurity vendors are themselves under attack by hackers, SentinelOne says<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[271,413,1126,1265,4204,647,2911,46,256,270,648,626,29,288,506],"tags":[277,415,1128,1267,4205,240,2913,54,262,276,651,631,37,294,507],"class_list":["post-7577","post","type-post","status-publish","format-standard","hentry","category-china","category-critical-infrastructure","category-cyber-workforce","category-cybersecurity-workforce","category-fireeye","category-north-korea","category-north-korean-it-workers","category-ransomware","category-research","category-russia","category-sentinelone","category-solarwinds","category-telecommunications","category-threats","category-workforce","tag-china","tag-critical-infrastructure","tag-cyber-workforce","tag-cybersecurity-workforce","tag-fireeye","tag-north-korea","tag-north-korean-it-workers","tag-ransomware","tag-research","tag-russia","tag-sentinelone","tag-solarwinds","tag-telecommunications","tag-threats","tag-workforce"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/china\/\" rel=\"category tag\">China<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/critical-infrastructure\/\" rel=\"category tag\">critical infrastructure<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cyber-workforce\/\" rel=\"category tag\">cyber workforce<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity-workforce\/\" rel=\"category tag\">cybersecurity workforce<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/fireeye\/\" rel=\"category tag\">FireEye<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/north-korea\/\" rel=\"category tag\">North Korea<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/north-korean-it-workers\/\" rel=\"category tag\">North Korean IT workers<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ransomware\/\" rel=\"category tag\">ransomware<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/research\/\" rel=\"category tag\">Research<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/russia\/\" rel=\"category tag\">Russia<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/sentinelone\/\" rel=\"category tag\">SentinelOne<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/solarwinds\/\" rel=\"category tag\">SolarWinds<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/telecommunications\/\" rel=\"category tag\">Telecommunications<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/workforce\/\" rel=\"category tag\">workforce<\/a>","tag_info":"workforce","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7577","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=7577"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7577\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=7577"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=7577"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=7577"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":7577,"date":"2025-04-28T11:41:22","date_gmt":"2025-04-28T16:41:22","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=84334"},"modified":"2025-04-28T11:41:22","modified_gmt":"2025-04-28T16:41:22","slug":"cybersecurity-vendors-are-themselves-under-attack-by-hackers-sentinelone-says","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/04\/28\/cybersecurity-vendors-are-themselves-under-attack-by-hackers-sentinelone-says\/","title":{"rendered":"Cybersecurity vendors are themselves under attack by hackers, SentinelOne says"},"content":{"rendered":"