China-Backed APT Group Culling Thai Government Data

CeranaKeeper is bombarding Southeast Asia with data exfiltration attacks via file-sharing services such as Pastebin, OneDrive, and GitHub, researchers say.

An emergent China-aligned threat actor called CeranaKeeper has orchestrated a massive data exfiltration effort across Southeast Asia, most recently launching a barrage of cyberattacks against government institutions of Thailand.
The group has been working since early 2022, according to ESET researchers. Analysis showed CeranaKeeper was using components common with the known
Chinese-backed APT group Mustang Panda
, in addition to fresh tools for undermining legitimate file-sharing services, including Pastebin, Dropbox, OneDrive, and GitHub.
Based on our findings, we decided to track this activity cluster as the work of a separate threat actor, a new ESET report said. The numerous occurrences of the string [Bb]ectrl in the code of the groups tools inspired us to name it CeranaKeeper; it is a wordplay between the words beekeeper and the bee species Apis Cerana, or the Asian honey bee.
CeranaKeeper broke into Thai government systems through a brute-force attack against a local area network domain control server in mid-2023, ESET said. From there the group was able to get privileged access, deploy the Toneshell backdoor and a credential dumping tool, and also abuse a legitimate Avast driver to disable security protections.
Once comfortably in the network, the group began a massive data harvesting effort, ESET observed.
The group is relentless, rapidly evolving, and nimble,
ESET warned
.
The operators write and rewrite their toolset as needed by their operations and react rather quickly to keep avoiding detection, ESET added. This groups goal is to harvest as many files as possible and it develops specific components to that end.
The Chinese government uses APT groups like
Mustang Panda
and CeranaKeeper to support government activities through
espionage and other cybercrimes
.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
China-Backed APT Group Culling Thai Government Data