"CeranaKeeper Emerges as New Threat to Thai Government Networks"

Security researchers at ESET have recently identified a new China-aligned threat group named CeranaKeeper, which is targeting governmental institutions in Thailand. The group has been active since early 2022 and uses an evolving toolset to exfiltrate sensitive data by abusing legitimate cloud services such as Dropbox, OneDrive, and GitHub. While some of CeranaKeeper's tools were previously attributed to the Mustang Panda group, the researchers' new analysis revealed technical differences, suggesting the two are distinct entities. The researchers noted that CeranaKeeper stands out for its innovative use of popular services for data theft. The group has developed and deployed custom backdoors and data exfiltration tools, including Python- and C++-based malware. Notable components include WavyExfiller, a Python-based tool that uploads sensitive documents to Dropbox, and OneDoor, a piece of C++ malware that abuses OneDrive to both receive commands and extract files.

 

Infosecurity Magazine reports: "CeranaKeeper Emerges as New Threat to Thai Government Networks"

Submitted by Adam Ekwall on