Inside the CPU-Z Attack: How SentinelOne's Autonomous EDR Stopped a Supply Chain Threat

On April 9, 2026, a sophisticated watering hole attack struck the official download page of CPU-Z, a trusted system information tool. Attackers compromised the cpuid.com domain at the API level, redirecting legitimate download requests to malicious infrastructure for 19 hours. Users who downloaded from the official site received a properly signed binary—but it carried a hidden payload. SentinelOne's AI-driven endpoint detection and response (EDR) autonomously blocked the threat within seconds by spotting behavioral anomalies, even though the binary appeared genuine. This incident highlights a growing trend: threat actors exploiting trust in software supply chains. Below, we unpack the attack details, how SentinelOne's technology detected it, and the broader implications for cybersecurity.

What exactly happened during the CPU-Z watering hole attack?

On April 9, 2026, attackers infiltrated cpuid.com, the official website for CPU-Z and other system utilities. They compromised the domain at the API level, enabling a silent redirection of download requests to attacker-controlled servers. For roughly 19 hours, any user who visited the official site and clicked the genuine download button received a properly signed binary that included a malicious payload. The trust chain was intact—users followed all security advice—but the supply chain itself was corrupted. The attack targeted system administrators and IT professionals who routinely use CPU-Z, HWMonitor, and similar tools. Because the binary carried a valid digital signature from the vendor and came from the legitimate infrastructure, traditional signature-based defenses would have missed it. SentinelOne's behavioral AI, however, flagged the anomaly within seconds of execution, preventing the attack from progressing further.

Inside the CPU-Z Attack: How SentinelOne's Autonomous EDR Stopped a Supply Chain Threat — Source: www.sentinelone.com

Why did traditional security tools fail against this attack?

Traditional antivirus and endpoint protection rely heavily on signature matching, reputation checks, and static analysis. In the CPU-Z attack, the binary itself was genuine—it had a valid digital signature from CPUID and was downloaded from the official website. No malicious code was stored on disk; instead, the payload was bundled inside a properly signed installer. This bypassed most signature-based detection because the file looked legitimate. Reputation-based systems also saw no issue since the download originated from a trusted domain. The attack exploited the fundamental assumption that if a file is signed by a trusted vendor and delivered through official channels, it must be safe. This is a classic supply chain compromise—the same concept behind the SolarWinds attack. Only behavioral detection, which monitors what a process does rather than what it is, could catch such a threat. SentinelOne's AI EDR excels here because it looks for malicious actions, not just malicious files.

How did SentinelOne's AI EDR detect the anomaly in CPU-Z?

Moments after cpuz_x64.exe began executing, SentinelOne's agent triggered an alert: “Penetration framework or shellcode was detected.” The detection came from analyzing the process's behavior, not its file signature. The agent observed the process chain: cpuz_x64.exe spawned PowerShell, which then spawned csc.exe (C# compiler), which in turn spawned cvtres.exe (resource compiler). This chain is highly unusual for CPU-Z, a system information tool that should not invoke compilers or scripting engines. The agent also noted five specific behavioral indicators: anomalous API resolution (the process used non-standard methods to locate system functions, bypassing the OS loader), reflective code loading (code running in memory with no corresponding file on disk), suspicious memory allocation (RWX permissions granted, a staging area for payloads), process injection patterns (execution flow redirected into another process to hide origins), and heuristic shellcode signatures (sequential operations typical of exploit toolkits). These red flags converged instantly, prompting autonomous termination and quarantine.

What specific behavioral indicators triggered the alert?

SentinelOne's agent identified five converging behavioral patterns that together indicated a supply chain attack:

Anomalous API resolution: The process located system functions through non-standard discovery methods—bypassing the OS loader entirely—which is a common evasion technique.
Reflective code loading: Executable code was running in memory regions that had no corresponding file on disk, often used to load malicious payloads without writing to storage.
Suspicious memory allocation: The binary requested Read-Write-Execute (RWX) memory permissions, a staging pattern typical for injecting shellcode.
Process injection patterns: Execution flow was consistent with code being redirected into a secondary process to mask its origin and evade detection.
Heuristic shellcode signatures: Sequential operations characteristic of automated exploitation toolkits were observed, preparing the environment for command execution.

All five indicators were present within the first few seconds of execution. Importantly, no single indicator alone would have been conclusive, but their convergence provided high confidence and allowed the agent to act autonomously before any damage occurred.

How does this attack fit into broader software supply chain threats?

This CPU-Z incident is part of a systemic shift in cybersecurity: attackers are increasingly targeting the software supply chain rather than individual endpoints. SentinelOne's Annual Threat Report highlights that “the identity of a trusted developer becomes the vector of attack.” In late 2025, the GhostAction campaign demonstrated this—attackers compromised a GitHub maintainer's account to push malicious workflows that extracted secrets. Similarly, a phishing attack against a maintainer of popular NPM packages deployed code to intercept cryptocurrency transactions. In each case, the commit logs appeared legitimate because they came from authorized accounts. The CPUID attack extends the pattern to software distribution: the supplier's own download infrastructure became the delivery channel. Users who downloaded CPU-Z followed every security instruction—they went to the official site and used the legitimate button—but the trust chain was broken above them. The next attack will work the same way, which is why behavioral detection and autonomous response are critical.

What did SentinelOne do to stop the attack autonomously?

Once SentinelOne's agent detected the behavioral anomaly in cpuz_x64.exe, it didn't wait for a human analyst. The agent used its AI-driven decision engine to assess the five converging indicators as high-risk. It immediately terminated the malicious process chain, including PowerShell, csc.exe, and any spawned processes. Then it quarantined the involved processes and the malicious CRYPTBASE.dll that had been placed in the system. All this happened within seconds, before the attack could establish persistence, exfiltrate data, or deploy additional payloads. The agent's response was entirely autonomous—no cloud connectivity or manual intervention required. This speed is crucial because many supply chain attacks, like this one, rely on executing payloads quickly before security tools can update signatures. SentinelOne's approach, based on behavioral AI, provides protection without needing prior knowledge of the threat.

What lessons can enterprises learn from this incident?

The CPU-Z attack underscores several critical lessons for organizations. First, trust no file, even if it is digitally signed and comes from an official source—supply chain compromises can subvert both. Second, rely on behavioral detection over static signatures; attackers are increasingly using legitimate binaries as delivery vehicles. Third, implement autonomous endpoint protection capable of responding in real time without human intervention, because latency can be fatal. Fourth, monitor process chains and API calls for anomalies, not just file hashes. Fifth, educate users that even the most cautious behavior can be defeated if the upstream supply chain is compromised. Finally, adopt a layered defense that includes endpoint detection, network monitoring, and strict application control. SentinelOne's AI EDR demonstrated that when attackers exploit trust, the only reliable defense is technology that sees beyond appearances and stops malicious behavior the instant it occurs.

Tags: