Bitvise
2026-05-09
Cybersecurity

The CPU-Z Watering Hole Attack: How AI EDR Thwarted a Software Supply Chain Compromise

How SentinelOne's AI EDR autonomously blocked a CPU-Z watering hole attack that compromised CPUID's download infrastructure, using behavioral detection to identify malicious process chains.

Introduction

On April 9, 2026, a sophisticated software supply chain attack targeted the official CPUID website, threatening thousands of users who downloaded popular system utilities like CPU-Z, HWMonitor, and PerfMonitor. For approximately 19 hours, threat actors had compromised cpuid.com at the API level, covertly redirecting legitimate download requests to attacker-controlled servers. The attack was ultimately blocked autonomously by SentinelOne’s AI-driven endpoint detection and response (EDR) system before it could cause widespread harm. This article examines the incident, the behavioral indicators that triggered the alert, and the broader implications for software supply chain security.

Source: www.sentinelone.com

The Attack on CPUID’s Download Infrastructure

Compromised Trust Chain

Users who visited the official CPUID site and clicked the legitimate download button received a binary that appeared perfectly normal: it was properly signed with a valid digital signature and delivered directly from the vendor’s own infrastructure. However, unbeknownst to both the vendor and users, the download actually contained a malicious payload bundled inside the genuine executable. The trust chain had been broken above the user—the identity and infrastructure of a trusted developer had been subverted, making the attack nearly invisible to traditional security measures. This type of watering hole attack exploits the inherent trust users place in official software sources.

The attackers achieved this by compromising the CPUID domain at the API level, allowing them to intercept and modify download requests silently. The malicious payload was designed to execute without raising suspicion, hiding within a legitimate application that IT professionals use daily.

Behavioral Detection in Action

The Anomalous Process Chain

SentinelOne’s agent detected the attack within seconds of execution, not by scanning for known malware signatures, but by analyzing the behavior of the process chain. The legitimate cpuz_x64.exe binary began to perform actions that no version of CPU-Z should ever do: it spawned PowerShell, which in turn launched csc.exe (the C# compiler), followed by cvtres.exe (the resource compiler). This chain of events—a normal utility spawning scripting and compilation tools—was highly atypical and immediately flagged as suspicious.
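The lineage check described above can be sketched over process-creation telemetry. This is an added example, not SentinelOne's detection logic or code from the original report; the events, PIDs, paths and the baseline of expected parents are constructed assumptions.

```python
from ntpath import basename  # parses Windows paths on any OS

# Constructed process-creation events (pid, parent pid, image path); not real telemetry.
NET = r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319"
EVENTS = [
    {"pid": 4100, "ppid": 812, "image": r"C:\Windows\explorer.exe"},
    {"pid": 5200, "ppid": 4100, "image": r"C:\Users\alice\Downloads\cpuz_x64.exe"},
    {"pid": 5312, "ppid": 5200,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"pid": 5440, "ppid": 5312, "image": NET + r"\csc.exe"},
    {"pid": 5501, "ppid": 5440, "image": NET + r"\cvtres.exe"},
    # Benign control: an IDE driving the same compiler tools, no script host involved.
    {"pid": 7000, "ppid": 4100, "image": r"C:\Program Files\IDE\devenv.exe"},
    {"pid": 7010, "ppid": 7000, "image": NET + r"\csc.exe"},
    {"pid": 7020, "ppid": 7010, "image": NET + r"\cvtres.exe"},
]

SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe"}
BUILD_TOOLS = {"csc.exe", "cvtres.exe"}
# Assumed local baseline of parents allowed to start a script host.
EXPECTED_PARENTS = {"explorer.exe", "cmd.exe"}

def lineage(pid, by_pid):
    """Return image names from the oldest known ancestor down to pid."""
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:  # 'seen' guards against PID loops
        seen.add(pid)
        chain.append(basename(by_pid[pid]["image"]).lower())
        pid = by_pid[pid]["ppid"]
    return chain[::-1]

def suspicious_chains(events):
    """Flag build tools descended from a script host that an unexpected parent started."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        chain = lineage(e["pid"], by_pid)
        if chain[-1] not in BUILD_TOOLS:
            continue
        for i in range(1, len(chain) - 1):
            if chain[i] in SCRIPT_HOSTS and chain[i - 1] not in EXPECTED_PARENTS:
                hits.append(chain[i - 1:])  # report from the unexpected parent down
                break
    return hits

if __name__ == "__main__":
    for hit in suspicious_chains(EVENTS):
        print(" -> ".join(hit))
```

Windows reuses PIDs, so a rule running over real telemetry should key processes on a stable identifier such as Sysmon's ProcessGuid rather than the PID alone.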

The agent triggered the alert titled “Penetration framework or shellcode was detected” based on five converging behavioral indicators. Each indicator alone might appear benign, but combined they painted a clear picture of malicious intent. Below is a breakdown of these indicators:

Five Indicators of Malicious Activity

  • Anomalous API resolution: The process located system functions through non-standard discovery methods, bypassing the operating system’s normal loader. This technique is commonly used by malware to avoid detection by security tools that monitor standard API calls.
  • Reflective code loading: Executable code was loaded into memory regions with no corresponding file on disk. This allowed the malware to run without writing a file, making forensic analysis more difficult.
  • Suspicious memory allocation: Read-Write-Execute (RWX) memory permissions were requested. This pattern is a classic staging area for injecting and executing malicious payloads, as it allows the attacker to write, modify, and then run code from the same memory region.
  • Process injection patterns: The execution flow indicated that code was being redirected into a secondary process to mask its origin. By injecting into a system process, the malware could evade detection by appearing to be a legitimate application.
  • Heuristic shellcode signatures: Sequential operations characteristic of automated exploitation toolkits were observed, preparing the environment for command execution. This included techniques such as obfuscation and anti-debugging checks.

Because the agent detected these behaviors autonomously, it terminated and quarantined the involved processes before the attack could progress further. The malicious CRYPTBASE.dll that had been placed in the system was also neutralized.

A Broader Trend in Supply Chain Attacks

This incident is not an isolated case. SentinelOne’s Annual Threat Report identifies a systemic shift: “This [shift] extends deeply into the software supply chain, where the identity of a trusted developer becomes the vector of attack.” In late 2025, the GhostAction campaign saw a compromised GitHub maintainer account push malicious workflows to extract secrets. Around the same time, a phishing attack against a maintainer of popular NPM packages deployed malicious code capable of intercepting cryptocurrency transactions. In both cases, commit logs and push events appeared legitimate because the accounts had valid write access. The identity was verified; the intent had been subverted.

The CPUID watering hole attack extends this pattern to the software distribution channel itself. Instead of compromising a developer’s account, the attackers compromised the infrastructure that delivers the software to end users. This means that even the most cautious user—who verifies signatures and downloads only from official sites—could still be at risk. The lessons from these incidents underline the need for advanced behavioral detection that doesn’t rely on trust alone.

Autonomous Response and Prevention

SentinelOne’s AI-powered EDR platform exemplifies the shift toward autonomous security. By focusing on what processes do rather than what they are, the platform can detect novel attacks that have never been seen before. The CPU-Z attack was blocked without human intervention, within seconds of execution, and without requiring any signature updates. This capability is essential for defending against supply chain attacks, where the initial payload is often a legitimate, signed file.

To protect your organization, consider implementing the following best practices:

  • Deploy behavioral EDR: Use solutions that monitor process behavior and can detect anomalies in real time, even for signed binaries.
  • Audit third-party dependencies: Regularly review the security posture of software vendors and their distribution channels.
  • Implement least privilege: Restrict the ability of processes to spawn other executables, especially scripting engines like PowerShell, unless explicitly needed.
  • Enable memory protection: Use tools that detect and block reflective code loading and RWX memory allocations.

The CPU-Z watering hole attack serves as a stark reminder that trust is no longer a sufficient security control. As attackers continue to exploit the software supply chain, autonomous AI-driven detection and response will be critical to staying one step ahead.