We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: Holiday.com, ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: Holiday.com, ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

China-Linked Hackers Target Over 70 Global Organizations

China-Linked Hackers Target Over 70 Global Organizations
Author Image Andrea Miliani
Andrea Miliani First published on June 12, 2025 Cybersecurity Researcher

Researchers from SentinelLABS, the threat intelligence and research division of cybersecurity firm SentinelOne, have uncovered a China-linked cyber espionage group. The hackers have been targeting over 70 organizations and cybersecurity companies worldwide since July 2024.

According to the report, published on June 9, the SentinelLABS team detected a cyberattack targeting their own company, SentinelOne, in October 2024. The attack was later linked to the PurpleHaze cyber-espionage framework.

Earlier this year, SentinelLABS also helped dismantle a widespread ShadowPad operation, which impacted the company responsible for managing SentinelOne’s staff hardware. Fortunately, the cybersecurity company was not compromised, but researchers noticed a connection between the incidents.

“The PurpleHaze and ShadowPad activity clusters span multiple partially related intrusions into different targets occurring between July 2024 and March 2025,” state the report. “The victimology includes a South Asian government entity, a European media organization, and more than 70 organizations across a wide range of sectors.”

The experts added that the malicious actors are most likely linked to China. “This research underscores the persistent threat Chinese cyberespionage actors pose to global industries and public sector organizations, while also highlighting a rarely discussed target they pursue: cybersecurity vendors,” added the noted.

According to Cybersecurity Dive, a spokesperson from SentinelLABS explained that in addition to cybersecurity firms, the hackers also targeted sectors such as food and agriculture, energy, telecommunications, healthcare, manufacturing, finance, and government agencies.

Researchers first detected an intrusion to a government entity in South Asia in June 2024, followed by the global ShadowPad campaign in July 2024, which they tracked through March 2025. The PurpleHaze activity, observed in October 2024, was later linked to the ShadowPad attack in July.

The suspected cybersespionage actors worked through a operational relay box (ORB) network, exploiting multiple vulnerabilities to evade detection. The sophistication of the attacks strongly suggests state-sponsored efforts to monitor various sectors around the world.

A few months ago, it was also revealed that Chinese authorities used “EagleMsgSpy,” a spyware tool, to monitor Android devices within the country.

About the Author

Andrea is a seasoned tech journalist with a growing passion for cybersecurity, covering cyberattacks, AI breakthroughs, and the latest trends shaping the future of technology.

Please, comment on how to improve this article. Your feedback matters!

Leave a comment

This field must contain more than 50 characters

The field content should not exceed 1000 letters

Sorry, links are not allowed in this field!

Name should contain at least 3 letters

The field content should not exceed 80 letters

Sorry, links are not allowed in this field!

Please enter a valid email address