SentinelLabs - We are hunters, reversers, exploit developers, and tinkerers shedding light on the world of malware, exploits, APTs, and cybercrime across all platforms.

25 MKTG Comms Blog 022 Generic LABS Blog Images 07

macOS NimDoor | DPRK Threat Actors Target Web3 and Crypto Platforms with Nim-Based Malware

Phil Stokes & Raffaele Sabato / July 2, 2025

NimDoor shows how threat actors are continuing to explore cross-platform languages that introduce new levels of complexity for analysts.

Advanced Persistent Threat

Follow the Smoke | China-nexus Threat Actors Hammer At the Doors of Top Tier Targets

Aleksandar Milenkoski & Tom Hegel / June 9, 2025

This report uncovers a set of related threat clusters linked to PurpleHaze and ShadowPad operators targeting organizations, including cybersecurity vendors.

Security Research

FreeDrain Unmasked | Uncovering an Industrial-Scale Crypto Theft Network

Tom Hegel, Kenneth Kinion (Validin) & Sreekar Madabushi (Validin) / May 8, 2025

FreeDrain is a modern, scalable phishing operation exploiting weaknesses in free publishing platforms to steal cryptocurrency on a global scale.

Adversary

Top Tier Target | What It Takes to Defend a Cybersecurity Company from Today’s Adversaries

Tom Hegel, Aleksandar Milenkoski & Jim Walter / April 28, 2025

This report highlights a rarely-discussed but crucially important attack surface: security vendors themselves

Crimeware

AkiraBot | AI-Powered Bot Bypasses CAPTCHAs, Spams Websites At Scale

Alex Delamotte & Jim Walter / April 9, 2025

AkiraBot uses OpenAI to generate custom outreach messages to spam chat widgets and website contact forms at scale.

LABScon

LABScon24 Replay | A Walking Red Flag (With Yellow Stars)

LABScon / March 31, 2025

Dakota Cary and Eugenio Benincasa explore China's CTF ecosystem, highlighting competitions held by the Ministry of State Security and the PLA.

LABScon

LABScon24 Replay | Kryptina RaaS: From Unsellable Cast-off to Enterprise Ransomware

LABScon / March 26, 2025

Jim Walter reveals how a recent leak provided insight into how Kryptina RaaS has been adapted for use in enterprise attacks.

LABScon

LABScon24 Replay | Resilience and Protection in the Windows Ecosystem

LABScon / March 12, 2025

Kim Zetter interviews David Weston on topics such as the fallout from the CrowdStrike outage, Windows Recall and improving Microsoft security.

LABScon

LABScon24 Replay | Farmyard Gossip: The Foreign Footprint in US Agriculture

LABScon / March 5, 2025

Kristin Del Rosso & Madeleine Devost explore the growing trend of foreign ownership of farmland and its implications for national security.

Adversary

Ghostwriter | New Campaign Targets Ukrainian Government and Belarusian Opposition

Tom Hegel / February 25, 2025

Latest Ghostwriter campaign brings Belarusian opposition into its sights for the first time as it continues weaponizing XLS docs to drop malware.

China’s Covert Capabilities | Silk Spun From Hafnium

macOS NimDoor | DPRK Threat Actors Target Web3 and Crypto Platforms with Nim-Based Malware

Follow the Smoke | China-nexus Threat Actors Hammer At the Doors of Top Tier Targets

FreeDrain Unmasked | Uncovering an Industrial-Scale Crypto Theft Network

Top Tier Target | What It Takes to Defend a Cybersecurity Company from Today’s Adversaries

AkiraBot | AI-Powered Bot Bypasses CAPTCHAs, Spams Websites At Scale

LABScon24 Replay | A Walking Red Flag (With Yellow Stars)

LABScon24 Replay | Kryptina RaaS: From Unsellable Cast-off to Enterprise Ransomware

LABScon24 Replay | Resilience and Protection in the Windows Ecosystem

LABScon24 Replay | Farmyard Gossip: The Foreign Footprint in US Agriculture

Ghostwriter | New Campaign Targets Ukrainian Government and Belarusian Opposition