CeranaKeeper [1] [2] [3] [4] [5] [6] [7] [8], a newly identified threat actor associated with Chinese cyber espionage activities [2], has been operating in Southeast Asia since at least 2022.
Description
Operating independently from Mustang Panda [3] [6], CeranaKeeper targets governmental institutions in countries such as Thailand, Myanmar [1] [3] [7], Japan [1] [3] [7], and Taiwan [1] [3] [7]. The group uses popular cloud services like Dropbox [2], GitHub [1] [3] [4] [5] [6] [7] [8], OneDrive [1] [2] [3] [4] [5] [7] [8], and PixelDrain for command-and-control communication [6], adding complexity to its operations [6]. CeranaKeeper employs custom tools, including Python- and C++-based malware for data exfiltration, as well as a constantly updated TONESHELL backdoor. Known for its persistence and rapid evolution, CeranaKeeper focuses on maximizing file exfiltration through targeted attacks on specific machines. ESET researchers have highlighted the group’s adaptability and persistence in evading detection, suggesting alignment with Chinese interests in espionage and cybercrime.
Conclusion
This development underscores the growing sophistication and persistence of cyber espionage efforts in the region [2], requiring organizations to enhance their cybersecurity measures to defend against advanced threat actors like CeranaKeeper. The impact of such threats on national security and data integrity cannot be overstated, which makes proactive measures to mitigate risks and safeguard critical information urgent.
References
[1] https://www.infosecurity-magazine.com/news/ceranakeeper-new-threat-thai/
[2] https://cybermaterial.com/chinese-ceranakeeper-targets-southeast-asia/
[3] https://thehackernews.com/2024/10/china-linked-ceranakeeper-targeting.html
[4] https://www.darkreading.com/cyberattacks-data-breaches/new-china-backed-apt-group-culling-thai-government-data
[5] https://www.welivesecurity.com/en/eset-research/separating-bee-panda-ceranakeeper-making-beeline-thailand/
[6] https://informationsecuritybuzz.com/china-aligned-ceranakeeper-thailand/
[7] https://blog.eset.ie/2024/10/02/eset-research-discovers-new-government-attacking-apt-group/
[8] https://www.eset.com/int/about/newsroom/press-releases/research/eset-research-discovers-new-china-aligned-apt-group-ceranakeeper-which-targeted-the-thai-government/