Post by SentinelOne

Threat actors compromised the official CPUID domain, repackaged a legitimate signed binary, and let Windows do the rest: a Zig-compiled DLL hijacking the OS loader, reflective injection into memory, DNS-over-HTTPS masking the C2 call home. A trusted download doing exactly what the attackers designed it to do. SentinelOne's agent caught the CPU-Z supply chain attack by reading the behavior—anomalous API resolution, RWX memory allocation, process injection patterns—and autonomously terminating and quarantining the threat before the backdoor could phone home. No ticket needed. No damage done. 🔗 Full technical breakdown: https://s1.ai/CPU-Z-Blg