 |
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
|
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
APT group: CeranaKeeper| Names | CeranaKeeper (ESET) | |
| Country |  China | |
| Sponsor | State-sponsored | |
| Motivation | Information theft and espionage | |
| First seen | 2022 | |
| Description | (ESET) CeranaKeeper has been active since at least the beginning of 2022, mainly targeting governmental entities in Asian countries such as Thailand, Myanmar, the Philippines, Japan, and Taiwan; we believe it is aligned with China’s interests. The group’s relentless hunt for data is remarkable, with its attackers deploying a wide array of tools aimed at extracting as much information as possible from compromised networks. In the operation we analyzed, the group turned compromised machines into update servers, devised a novel technique using GitHub’s pull request and issue comment features to create a stealthy reverse shell, and deployed single-use harvesting components when collecting entire file trees. CeranaKeeper seems to reuse tools from Mustang Panda, Bronze President. | |
| Observed | Sectors: Government. Countries: Japan, Myanmar, Philippines, Taiwan, Thailand. | |
| Tools used | PUBLOAD, TONEINS, TONESHELL. | |
| Operations performed | 2023 | Separating the bee from the panda: CeranaKeeper making a beeline for Thailand <https://www.welivesecurity.com/en/eset-research/separating-bee-panda-ceranakeeper-making-beeline-thailand/> |
| Information | <https://web-assets.esetstatic.com/wls/en/papers/threat-reports/eset-apt-activity-report-q4-2023-q1-2024.pdf> | |
Last change to this card: 24 October 2024
|
Digital Service Security Center Follow us on
|
Report incidents |
|
 |
+66 (0)2-123-1227 | |
 |
[email protected] | |