Aleksandar Milenkoski, Author at SentinelOne

Follow the Smoke | China-nexus Threat Actors Hammer At the Doors of Top Tier Targets

Aleksandar Milenkoski & Tom Hegel / June 9, 2025

This report uncovers a set of related threat clusters linked to PurpleHaze and ShadowPad operators targeting organizations, including cybersecurity vendors.

labs

Advanced Persistent Threat

Operation Digital Eye | Chinese APT Compromises Critical Digital Infrastructure via Visual Studio Code Tunnels

Aleksandar Milenkoski & Luigi Martire (Tinexta Cyber) / December 10, 2024

Threat actors abused Visual Studio Code and Microsoft Azure infrastructure to target large business-to-business IT service providers in Southern Europe.

Doppelganger Russia Aligned Influence Operation Targets Germany 2

labs

Adversary

Doppelgänger | Russia-Aligned Influence Operation Targets Germany

Aleksandar Milenkoski / February 22, 2024

Doppelgänger, a sophisticated Russia-aligned operation, targets German public opinion with disinformation ahead of elections.

A Glimpse Into Future ScarCruft Campaigns Attackers Gather Strategic Intelligence And Target Cybersecurity Professionals 20

labs

Advanced Persistent Threat

ScarCruft | Attackers Gather Strategic Intelligence and Target Cybersecurity Professionals

Aleksandar Milenkoski & Tom Hegel / January 22, 2024

New ScarCruft activity suggests the adversary is planning to target cybersecurity professionals and businesses.

Gaza Cybergang Unified Front Targeting Hamas Opposition 13

labs

Adversary

Gaza Cybergang | Unified Front Targeting Hamas Opposition

Aleksandar Milenkoski / December 14, 2023

Cluster of threat groups continues on trajectory to consolidate with shared victims, TTPs and evolving malware.

Sandman APT China Based Adversaries Embrace Lua 19

labs

Advanced Persistent Threat

Sandman APT | China-Based Adversaries Embrace Lua

Aleksandar Milenkoski / December 11, 2023

SentinelLABS, Microsoft, and PwC threat intelligence researchers provide attribution-relevant information on the Sandman APT cluster.

Sandman APT A Mystery Group Targeting Telcos With A LuaJIT Toolkit 4

labs

Advanced Persistent Threat

Sandman APT | A Mystery Group Targeting Telcos with a LuaJIT Toolkit

Aleksandar Milenkoski / September 21, 2023

Sophisticated threat actor deploys high-end malware utilizing the LuaJIT platform to backdoor telcos in Europe, Middle East and South Asia.

Chinese Entanglement DLL Hijacking In The Asian Gambling Sector By Aleksandar Milenkoski And Tom Hegel 5

labs

Adversary

Chinese Entanglement | DLL Hijacking in the Asian Gambling Sector

Aleksandar Milenkoski / August 17, 2023

Threat actors abuse Adobe Creative Cloud, Edge, and other executables vulnerable to DLL hijacking in campaign targeting the Southeast Asian gambling sector.

Kimsuky Strikes Again New Social Engineering Campaign Aims To Steal Credentials And Gather Strategic Intelligence 5

labs

Advanced Persistent Threat

Kimsuky Strikes Again | New Social Engineering Campaign Aims to Steal Credentials and Gather Strategic Intelligence

Aleksandar Milenkoski / June 6, 2023

Threat actor targets experts in North Korean affairs with spoofed URLs and weaponized Office documents to steal Google and other credentials.

Operation Magalenha Long Running Campaign Pursues Portuguese Credentials And PII 3

labs

Adversary

Operation Magalenha | Long-Running Campaign Pursues Portuguese Credentials and PII

Aleksandar Milenkoski / May 25, 2023

A Brazilian threat actor is targeting users of over 30 Portuguese financial institutions with custom backdoors.