Contagious Interview | North Korean Threat Actors Reveal Plans and Ops by Abusing Cyber Intel Platforms
DPRK-aligned threat actors abuse CTI platforms to detect infrastructure exposure and scout for new assets.
ZuRu malware continues to prey on macOS users seeking legitimate business tools, adapting its loader and C2 techniques to backdoor its targets.
NimDoor shows how threat actors are continuing to explore cross-platform languages that introduce new levels of complexity for analysts.
FreeDrain is a modern, scalable phishing operation exploiting weaknesses in free publishing platforms to steal cryptocurrency on a global scale.
AkiraBot uses OpenAI to generate custom outreach messages to spam chat widgets and website contact forms at scale.
A widespread campaign with binaries written in different source languages, ReaderUpdate presents unique challenges for detection and analysis.
Data leak reveals how a top-tier cybersecurity vendor helps the PRC enforce content monitoring and manipulation of public opinion in China.
DPRK 'Contagious Interview' campaign continues to target Mac users with new variants of FERRET malware and GitHub devs with repo spam.
Learn about the key macOS malware families from 2024, including tactics, IoCs, opportunities for detection, and links to further reading.
SentinelLABS has identified multiple deceptive websites linked to businesses in China fronting for North Korea's fake IT workers scheme.