China-Linked CeranaKeeper Targeting Southeast Asia with Data Exfiltration

A previously undocumented threat actor called CeranaKeeper has been linked to a string of data exfiltration attacks targeting Southeast Asia.

Slovak cybersecurity firm ESET, which observed campaigns targeting governmental institutions in Thailand starting in 2023, assessed the activity cluster to be aligned with China, as it leverages tools previously identified as used by the Mustang Panda actor.

"The group constantly updates its backdoor to evade detection and diversifies its methods to aid massive data exfiltration," security researcher Romain Dumont said in an analysis published today.

Some of the other countries targeted by the adversary include Myanmar, the Philippines, Japan, and Taiwan, all of which have been targeted by Chinese state-sponsored threat actors in recent years.

ESET described CeranaKeeper as relentless, creative, and capable of swiftly adapting its modus operandi, while also calling it aggressive and greedy for its ability to move laterally across compromised environments and hoover up as much information as possible via various backdoors and exfiltration tools.

The attacks are characterized by the use of malware families such as TONESHELL, TONEINS, and PUBLOAD, all attributed to the Mustang Panda group, alongside an arsenal of never-before-seen tools that aid data exfiltration.

A successful initial foothold is abused to gain access to other machines on the local network, with some of the compromised machines even turned into proxies or update servers that store updates for the backdoor.

"After gaining privileged access, the attackers installed the TONESHELL backdoor, deployed a tool to dump credentials, and used a legitimate Avast driver and a custom application to disable security products on the machine," Dumont said. "From this compromised server, they used a remote administration console to deploy and execute their backdoor on other computers in the network."

Calling out CeranaKeeper's ability to quickly write and rewrite its toolset as required to evade detection, the company said the threat actor's end goal is to develop bespoke malware that can allow it to collect valuable information on a large scale.
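The step Dumont describes, a legitimate signed antivirus driver loaded so that a custom application can switch off security products, is the "bring your own vulnerable driver" pattern, and it leaves a detectable trace: a kernel driver load, often from a user-writable path or with a hash on a known-abusable list, followed shortly by a security agent process dying. The script below is an added example written for this page, not code from ESET, The Hacker News, or the CeranaKeeper toolset. It runs that correlation over constructed Sysmon-style Event ID 6 (DriverLoad) and Event ID 5 (ProcessTerminate) records; the hostnames, paths, driver names, signer strings and blocklist hashes are placeholders invented for the example, not indicators from the report.

```python
"""
Added example (not from ESET or the article): flag suspicious driver loads and
escalate when a security process is terminated on the same host shortly after.
All telemetry below is constructed; hashes, paths and names are placeholders.
"""
import json
import ntpath
from datetime import datetime, timedelta

# Placeholder SHA256 values standing in for known-abusable signed drivers.
# A real deployment would load Microsoft's vulnerable driver blocklist or the
# loldrivers.io feed here; the hash below is made up for the example.
KNOWN_ABUSABLE_DRIVER_SHA256 = {
    "feedface00000000000000000000000000000000000000000000000000000001": "placeholder AV vendor kernel driver",
}

# Drivers installed through normal servicing live under these directories.
# A .sys loaded from a user-writable location is suspicious on its own.
TRUSTED_DRIVER_DIRS = (
    "c:\\windows\\system32\\drivers\\",
    "c:\\windows\\system32\\driverstore\\",
)

# Illustrative security-product process names (Microsoft Defender engine,
# Defender for Endpoint sensor, network inspection service); extend as needed.
SECURITY_PROCESS_NAMES = {"msmpeng.exe", "mssense.exe", "nissrv.exe"}

# Constructed JSON-lines telemetry (raw string so JSON sees "\\" for one "\").
SAMPLE_LOG = r"""
{"ts":"2024-09-12T08:01:10Z","host":"FS-01","event_id":6,"image":"C:\\Windows\\System32\\drivers\\ndis.sys","sha256":"1111111111111111111111111111111111111111111111111111111111111111","signer":"Microsoft Windows"}
{"ts":"2024-09-12T08:05:42Z","host":"FS-01","event_id":6,"image":"C:\\Users\\Public\\upd\\avdrv.sys","sha256":"feedface00000000000000000000000000000000000000000000000000000001","signer":"Example AV Vendor"}
{"ts":"2024-09-12T08:06:03Z","host":"FS-01","event_id":5,"image":"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18\\MsMpEng.exe"}
{"ts":"2024-09-12T09:30:00Z","host":"WS-07","event_id":6,"image":"C:\\Windows\\System32\\drivers\\avdrv.sys","sha256":"feedface00000000000000000000000000000000000000000000000000000001","signer":"Example AV Vendor"}
{"ts":"2024-09-12T09:31:00Z","host":"WS-07","event_id":5,"image":"C:\\Windows\\System32\\notepad.exe"}
{"ts":"2024-09-12T10:00:00Z","host":"WS-12","event_id":6,"image":"C:\\Windows\\Temp\\x.sys","sha256":"2222222222222222222222222222222222222222222222222222222222222222","signer":"Some Vendor"}
{"ts":"2024-09-12T11:00:00Z","host":"WS-12","event_id":5,"image":"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18\\MsMpEng.exe"}
"""


def parse_events(log_text):
    """Parse JSON-lines telemetry into dicts, converting 'ts' to a tz-aware datetime."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        event["ts"] = datetime.fromisoformat(event["ts"].replace("Z", "+00:00"))
        events.append(event)
    return sorted(events, key=lambda e: e["ts"])


def find_byovd_candidates(events, window=timedelta(minutes=10)):
    """Return one alert per suspicious driver load (blocklisted hash or load
    from outside the driver store), marked 'high' when a security-product
    process terminates on the same host within `window` afterwards."""
    loads = [e for e in events if e["event_id"] == 6]
    kills = [e for e in events if e["event_id"] == 5]
    alerts = []
    for load in loads:
        reasons = []
        if load.get("sha256") in KNOWN_ABUSABLE_DRIVER_SHA256:
            reasons.append("hash on abusable-driver list")
        if not load["image"].lower().startswith(TRUSTED_DRIVER_DIRS):
            reasons.append("loaded from outside the driver store")
        if not reasons:
            continue
        deadline = load["ts"] + window
        tampered = [
            ntpath.basename(k["image"])
            for k in kills
            if k["host"] == load["host"]
            and load["ts"] <= k["ts"] <= deadline
            and ntpath.basename(k["image"]).lower() in SECURITY_PROCESS_NAMES
        ]
        alerts.append({
            "host": load["host"],
            "ts": load["ts"],
            "driver": ntpath.basename(load["image"]),
            "reasons": reasons,
            "terminated_security_processes": tampered,
            "severity": "high" if tampered else "medium",
        })
    return alerts


if __name__ == "__main__":
    for alert in find_byovd_candidates(parse_events(SAMPLE_LOG)):
        print(alert["severity"].upper(), alert["host"], alert["driver"],
              "; ".join(alert["reasons"]), alert["terminated_security_processes"])
```

Run against the constructed sample it produces three alerts: a high-severity one for the file server, where a blocklisted driver loaded from a public directory is followed within a minute by the Defender engine terminating, and two medium ones that a blocklist or path check alone would raise. The second of those, a blocklisted hash under System32\drivers with no agent death, is the expected false positive on a host where that vendor's product is legitimately installed, which is why the process-termination correlation matters more than either signal on its own. Turning on the Microsoft vulnerable driver blocklist and hypervisor-protected code integrity prevents many such loads outright rather than merely detecting them.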

This Cyber News was published on thehackernews.com. Publication date: Wed, 02 Oct 2024 16:43:05 +0000
