In April 2026, the official CPUID website was compromised at the API level, resulting in a 19-hour supply chain attack where legitimate, signed binaries like CPU-Z and HWMonitor were bundled with the STX RAT. The attack leveraged the trusted distribution infrastructure of the vendor to deliver malicious payloads directly to users, primarily targeting IT professionals and system administrators with high-level access rights.
SentinelOne’s behavioral AI identified the threat by detecting anomalous process chains, such as CPU-Z spawning PowerShell and compiler tools. Despite advanced features like reflective memory loading and redundant persistence mechanisms, the attackers failed to rotate their Command and Control (C2) infrastructure, allowing security teams to leverage existing fingerprints from previous campaigns to mitigate the impact across over 150 confirmed victims.
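One way to express the parent/child process anomaly described above as detection logic, written here as an added example (not SentinelOne's or CPUID's code) over constructed Sysmon-style process-creation records; the utility image names and the choice of csc/vbc/msbuild as stand-ins for "compiler tools" are assumptions:

```python
"""Flag process chains in which a signed hardware utility (CPU-Z, HWMonitor)
is an ancestor of PowerShell or a compiler tool. Added example with
constructed process-creation records; this is not real telemetry."""
import ntpath
from dataclasses import dataclass

# Assumed image names of the vendor utilities that were trojanised.
TRUSTED_UTILITIES = {"cpuz.exe", "hwmonitor.exe"}
# Script hosts and compiler tools a hardware monitor has no reason to launch
# (csc/vbc/msbuild are assumed stand-ins for the "compiler tools" mentioned).
SUSPICIOUS_CHILDREN = {"powershell.exe", "pwsh.exe", "csc.exe", "vbc.exe", "msbuild.exe"}


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str  # file name only, lower-cased


def parse_event(line: str) -> ProcEvent:
    """Parse a constructed 'pid=<n> ppid=<n> image=<path>' record."""
    fields = dict(part.split("=", 1) for part in line.split(maxsplit=2))
    return ProcEvent(int(fields["pid"]), int(fields["ppid"]),
                     ntpath.basename(fields["image"]).lower())


def flag_chains(events, max_hops: int = 4):
    """Return (utility, ..., child) chains for every suspicious process whose
    ancestry reaches a trusted utility within max_hops parents. Intermediate
    hops such as cmd.exe are kept so the full chain appears in the alert."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for ev in events:
        if ev.image not in SUSPICIOUS_CHILDREN:
            continue
        chain, cur = [ev.image], ev
        for _ in range(max_hops):
            cur = by_pid.get(cur.ppid)
            if cur is None:          # parent not in the captured window
                break
            chain.append(cur.image)
            if cur.image in TRUSTED_UTILITIES:
                hits.append(tuple(reversed(chain)))
                break
    return hits


# Constructed sample: pids 2-5 model the malicious chain, 6-8 are benign.
SAMPLE_LOG = """\
pid=1 ppid=0 image=C:\\Windows\\explorer.exe
pid=2 ppid=1 image=C:\\Program Files\\CPUID\\CPU-Z\\cpuz.exe
pid=3 ppid=2 image=C:\\Windows\\System32\\cmd.exe
pid=4 ppid=3 image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe
pid=5 ppid=4 image=C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\csc.exe
pid=6 ppid=1 image=C:\\Program Files\\CPUID\\HWMonitor\\HWMonitor.exe
pid=7 ppid=1 image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe
pid=8 ppid=7 image=C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\csc.exe
"""


def detect(log_text: str = SAMPLE_LOG):
    return flag_chains([parse_event(l) for l in log_text.splitlines() if l.strip()])


if __name__ == "__main__":
    for chain in detect():
        print("ALERT:", " -> ".join(chain))
```

PowerShell launched directly from explorer.exe (pids 7-8) is not flagged, so the rule keys on the utility as ancestor rather than on PowerShell itself.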