Phil Stokes, Author at SentinelOne

25 MKTG Comms Blog 022 Generic LABS Blog Images 07

Phil Stokes & Raffaele Sabato / July 2, 2025

NimDoor shows how threat actors are continuing to explore cross-platform languages that introduce new levels of complexity for analysts.

labs

Security Research

FreeDrain Unmasked | Uncovering an Industrial-Scale Crypto Theft Network

Tom Hegel, Kenneth Kinion (Validin) & Sreekar Madabushi (Validin) / May 8, 2025

FreeDrain is a modern, scalable phishing operation exploiting weaknesses in free publishing platforms to steal cryptocurrency on a global scale.

labs

Crimeware

AkiraBot | AI-Powered Bot Bypasses CAPTCHAs, Spams Websites At Scale

Alex Delamotte & Jim Walter / April 9, 2025

AkiraBot uses OpenAI to generate custom outreach messages to spam chat widgets and website contact forms at scale.

labs

ReaderUpdate Reforged | Melting Pot of macOS Malware Adds Go to Crystal, Nim and Rust Variants

Phil Stokes & Raffaele Sabato / March 25, 2025

A widespread campaign with binaries written in different source languages, ReaderUpdate presents unique challenges for detection and analysis.

labs

Security & Intelligence

Censorship as a Service | Leak Reveals Public-Private Collaboration to Monitor Chinese Cyberspace

Alex Delamotte, Aleksandar Milenkoski & Dakota Cary / February 21, 2025

Data leak reveals how a top tier cybersecurity vendor helps the PRC enforce content monitoring and manipulation of public opinion in China.

labs

macOS FlexibleFerret | Further Variants of DPRK Malware Family Unearthed

Phil Stokes & Tom Hegel / February 3, 2025

DPRK 'Contagious Interview' campaign continues to target Mac users with new variants of FERRET malware and GitHub devs with repo spam.

labs

2024 macOS Malware Review | Infostealers, Backdoors, and APT Campaigns Targeting the Enterprise

Phil Stokes / January 20, 2025

Learn about the key macOS malware families from 2024, including tactics, IoCs, opportunities for detection, and links to further reading.

labs

Adversary

DPRK IT Workers | A Network of Active Front Companies and Their Links to China

Tom Hegel & Dakota Cary / November 21, 2024

SentinelLABS has identified multiple deceptive websites linked to businesses in China fronting for North Korea's fake IT workers scheme.

labs

Advanced Persistent Threat

BlueNoroff Hidden Risk | Threat Actor Targets Macs with Fake Crypto News and Novel Persistence

Raffaele Sabato, Phil Stokes & Tom Hegel / November 7, 2024

SentinelLABS has observed a suspected DPRK threat actor targeting Crypto-related businesses with novel multi-stage malware.

labs

macOS NotLockBit | Evolving Ransomware Samples Suggest a Threat Actor Sharpening Its Tools

Phil Stokes / October 22, 2024

An unknown threat actor is developing ransomware to lock files and steal data on macOS, and it's not LockBit.

Phil Stokes

macOS NimDoor | DPRK Threat Actors Target Web3 and Crypto Platforms with Nim-Based Malware

FreeDrain Unmasked | Uncovering an Industrial-Scale Crypto Theft Network

AkiraBot | AI-Powered Bot Bypasses CAPTCHAs, Spams Websites At Scale

ReaderUpdate Reforged | Melting Pot of macOS Malware Adds Go to Crystal, Nim and Rust Variants

Censorship as a Service | Leak Reveals Public-Private Collaboration to Monitor Chinese Cyberspace

macOS FlexibleFerret | Further Variants of DPRK Malware Family Unearthed

2024 macOS Malware Review | Infostealers, Backdoors, and APT Campaigns Targeting the Enterprise

DPRK IT Workers | A Network of Active Front Companies and Their Links to China

BlueNoroff Hidden Risk | Threat Actor Targets Macs with Fake Crypto News and Novel Persistence

macOS NotLockBit | Evolving Ransomware Samples Suggest a Threat Actor Sharpening Its Tools