China-Backed APT Group Culling Thai Government Data

Published: 23/11/2024   Category: security




CeranaKeeper is bombarding Southeast Asia with data exfiltration attacks via file-sharing services such as Pastebin, OneDrive, and GitHub, researchers say.



An emergent China-aligned threat actor called CeranaKeeper has orchestrated a massive data exfiltration effort across Southeast Asia, most recently launching a barrage of cyberattacks against government institutions of Thailand.
The group has been working since early 2022, according to ESET researchers. Analysis showed CeranaKeeper was using components common with the known Chinese-backed APT group Mustang Panda, in addition to fresh tools for undermining legitimate file-sharing services, including Pastebin, Dropbox, OneDrive, and GitHub.
"Based on our findings, we decided to track this activity cluster as the work of a separate threat actor," a new ESET report said. "The numerous occurrences of the string [Bb]ectrl in the code of the group's tools inspired us to name it CeranaKeeper; it is a wordplay between the words beekeeper and the bee species Apis Cerana, or the Asian honey bee."
CeranaKeeper broke into Thai government systems through a brute-force attack against a local area network domain control server in mid-2023, ESET said. From there the group was able to get privileged access, deploy the Toneshell backdoor and a credential dumping tool, and also abuse a legitimate Avast driver to disable security protections.
Once comfortably in the network, the group began a massive data harvesting effort, ESET observed.
"The group is relentless, rapidly evolving, and nimble," ESET warned.
"The operators write and rewrite their toolset as needed by their operations and react rather quickly to keep avoiding detection," ESET added. "This group's goal is to harvest as many files as possible and it develops specific components to that end."
The Chinese government uses APT groups like Mustang Panda and CeranaKeeper to support government activities through espionage and other cybercrimes.
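As an added, defender-side example (not code from the ESET report or from this article): a small Python check that totals uploads per internal host to the file-sharing services named above and flags hosts whose upload volume exceeds a threshold. The proxy log format, the service domains, the host names, and the threshold are all assumptions made for illustration.

```python
from collections import defaultdict

# Services named in the report; the domains are assumptions for illustration.
SHARING_DOMAINS = {
    "pastebin.com": "Pastebin",
    "dropbox.com": "Dropbox",
    "onedrive.live.com": "OneDrive",
    "github.com": "GitHub",
}

# Constructed proxy log lines: timestamp, source host, method, destination, bytes sent.
SAMPLE_LOGS = """\
2023-07-14T09:01:12Z ws-101 GET www.example.gov 512
2023-07-14T09:02:45Z dc-01 POST pastebin.com 2400000
2023-07-14T09:03:10Z dc-01 PUT api.github.com 18500000
2023-07-14T09:05:33Z ws-207 GET github.com 4096
2023-07-14T09:06:01Z fs-02 PUT onedrive.live.com 65000000
2023-07-14T09:07:22Z ws-207 POST dropbox.com 120000
"""

def parse_line(line):
    """Split one constructed log line into its fields; bytes sent becomes an int."""
    ts, host, method, dest, sent = line.split()
    return {"ts": ts, "host": host, "method": method, "dest": dest, "bytes": int(sent)}

def service_for(dest):
    """Map a destination host to a named sharing service (exact or subdomain), else None."""
    for domain, name in SHARING_DOMAINS.items():
        if dest == domain or dest.endswith("." + domain):
            return name
    return None

def find_upload_outliers(log_text, threshold_bytes=1_000_000):
    """Return {host: {service: bytes}} for hosts whose uploads (POST/PUT) to the
    sharing services exceed threshold_bytes in total over the log window."""
    totals = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        rec = parse_line(line)
        svc = service_for(rec["dest"])
        if svc and rec["method"] in ("POST", "PUT"):
            totals[rec["host"]][svc] += rec["bytes"]
    return {host: dict(per_svc) for host, per_svc in totals.items()
            if sum(per_svc.values()) > threshold_bytes}

if __name__ == "__main__":
    for host, per_service in find_upload_outliers(SAMPLE_LOGS).items():
        print(host, per_service)
```

Ordinary browsing (GET requests and small posts) stays below the threshold, while the domain controller and file server pushing tens of megabytes to Pastebin, GitHub and OneDrive are surfaced for review.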
