China-Linked CeranaKeeper Targeting Southeast Asia with Data Exfiltration

The attacks are characterized by the use of malware families such as TONESHELL, TONEINS, and PUBLOAD – all attributed to the Mustang Panda group – while also making use of an arsenal of never-before-seen tools to aid data exfiltration. ESET described CeranaKeeper as relentless, creative, and capable of swiftly adapting its modus operandi, while also calling it aggressive and greedy for its ability to move laterally across compromised environments and hoover as much information as possible via various backdoors and exfiltration tools. Calling out CeranaKeeper's ability to quickly write and rewrite its toolset as required to evade detection, the company said the threat actor's end goal is to develop bespoke malware that can allow it to collect valuable information on a large scale. Slovak cybersecurity firm ESET, which observed campaigns targeting governmental institutions in Thailand starting in 2023, attributed the activity cluster as aligned to China, leveraging tools previously identified as used by the Mustang Panda actor. A previously undocumented threat actor called CeranaKeeper has been linked to a string of data exfiltration attacks targeting Southeast Asia. "The group constantly updates its backdoor to evade detection and diversifies its methods to aid massive data exfiltration," security researcher Romain Dumont said in an analysis published today. However, a successful initial foothold is abused to gain access to other machines on the local network, even turning some of the compromised machines into proxies or update servers to store updates for their backdoor. "After gaining privileged access, the attackers installed the TONESHELL backdoor, deployed a tool to dump credentials, and used a legitimate Avast driver and a custom application to disable security products on the machine," Dumont said. Some of the other countries targeted by the adversary include Myanmar, the Philippines, Japan, and Taiwan, all of which have been targeted by Chinese state-sponsored threat actors in recent years. Huntress Managed SIEM is everything you need, nothing you don't — smart filtering for security data, constant monitoring, and compliance assistance—all at a clear, predictable price. "From this compromised server, they used a remote administration console to deploy and execute their backdoor on other computers in the network.

This Cyber News was published on thehackernews.com. Publication date: Wed, 02 Oct 2024 16:43:05 +0000


Cyber News related to China-Linked CeranaKeeper Targeting Southeast Asia with Data Exfiltration

China-aligned CeranaKeeper Makes A Beeline For Thailand - The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication ...
2 months ago Informationsecuritybuzz.com
China-Linked CeranaKeeper Targeting Southeast Asia with Data Exfiltration - The attacks are characterized by the use of malware families such as TONESHELL, TONEINS, and PUBLOAD – all attributed to the Mustang Panda group – while also making use of an arsenal of never-before-seen tools to aid data exfiltration. ...
2 months ago Thehackernews.com
China-Backed APT Group Culling Thai Government Data - Analysis showed CeranaKeeper was using components common with the known Chinese-backed APT group Mustang Panda, in addition to fresh tools for undermining legitimate file-sharing services, including Pastebin, Dropbox, OneDrive, and GitHub. An ...
2 months ago Darkreading.com
How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
2 months ago Aws.amazon.com
European firms urge China to give more clarity on data transfer laws - AP Moeller - Maersk A/S Siemens AG BEIJING, Nov 15 - European firms "Urgently" need China to give clearer definitions of key terms in its cross-border data transfer rules, a European business lobby group said on Wednesday, warning firms also stood to ...
1 year ago Reuters.com
Apple Move iPad Engineering To Vietnam - Fresh reports of Apple shifting manufacturing from China, with iPad product development resources relocated to Vietnam. Apple continues to strengthen its manufacturing and development capabilities outside of mainland China, according to recent media ...
1 year ago Silicon.co.uk
How 'Big 4' Nations' Cyber Capabilities Threaten the West - COMMENTARY. There are four nations deemed by the US and UK governments to pose the greatest threat to the West. Russia's cyber-threat activities are primarily focused on offensive cyber operations, China's are focused on cyber espionage, Iran's on ...
10 months ago Darkreading.com
Volt Typhoon Ramps Up Malicious Activity Against Critical Infrastructure - China-backed cyber espionage group Volt Typhoon is systematically targeting legacy Cisco devices in a sophisticated and stealthy campaign to grow its attack infrastructure. In many instances, the threat actor, known for targeting critical ...
11 months ago Darkreading.com
Uncovering Chinas Surveillance of the United States Spies Hackers and Informants - Last week, a Chinese surveillance balloon in the United States caused a diplomatic uproar and raised concerns about how Beijing collects intelligence on its biggest rival. FBI Director Christopher Wray said in 2020 that Chinese spying is the most ...
1 year ago Securityweek.com
Southeast Asian casino industry supercharging cyber fraud, UN says - The expanding Southeast Asian casino industry has become the nexus of the region's criminal ecosystem, including its cyber fraud industry, and it is facilitating large-scale money laundering by organized crime networks, a new United Nations report ...
11 months ago Therecord.media
Cyber Insights 2023: The Geopolitical Effect - The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs. The Russia/Ukraine war that started in early 2022 has been mirrored by a ...
1 year ago Securityweek.com
Stifling Beijing in cyberspace big focus for UK operatives The Register - Regular attendees of CYBERUK, the annual conference hosted by British intelligence unit the National Cyber Security Centre, will know that in addition to the expected conference panels, there is usually an interwoven theme to proceedings. Various ...
7 months ago Theregister.com
China's Dogged Campaign to Portray Itself as Victim of US Hacking - For more than two years, China's government has been attempting to portray the US as indulging in the same kind of cyber espionage and intrusion activities as the latter has accused of carrying out over the past several years. A recent examination of ...
10 months ago Darkreading.com
Pro-China campaign targeted YouTube with AI avatars The Register - Think tank Australian Strategic Policy Institute last week published details of a campaign that spreads English language pro-China and anti-US narratives on YouTube. The campaign, which ASPI calls Shadow Play, includes 30 YouTube channels that have ...
1 year ago Go.theregister.com
Chinese Hackers Launch Covert Espionage Attacks on 24 Cambodian Organizations - Cybersecurity researchers have discovered what they say is malicious cyber activity orchestrated by two prominent Chinese nation-state hacking groups targeting 24 Cambodian government organizations. "This activity is believed to be part of a ...
1 year ago Thehackernews.com
A top-secret Chinese spy satellite just launched on a supersized rocket - China's largest rocket apparently wasn't big enough to launch the country's newest spy satellite, so engineers gave the rocket an upgrade. The Long March 5 launcher flew with a payload fairing some 20 feet taller than its usual nose cone when it took ...
1 year ago Packetstormsecurity.com
Big China Spy Balloon Moving East Over US, Pentagon Says - The Pentagon said at midday Friday that a Chinese spy balloon had moved eastward and was over the central United States, and that the U.S. rejected China's claims that it was not being used for surveillance. Gen. Pat Ryder, Pentagon press secretary, ...
1 year ago Securityweek.com
US House 'Asks Intel, Nvidia, Micron CEOs' To Testify On China - US House of Representatives China committee asks chief executives of Intel, Nvidia, Micron to testify as international tensions mount. The chief executives of Intel, Nvidia and Micron have been asked to testify before the US House of Representatives' ...
11 months ago Silicon.co.uk
Southeast Asian scam syndicates stealing $64 billion annually, researchers find - Online fraud operations in Southeast Asia continue to grow, with organized scamming syndicates netting an estimated $64 billion each year worldwide, according to new research. In Cambodia, Laos and Myanmar, the criminal groups are stealing about ...
7 months ago Therecord.media
Beijing fosters foreign influencers to spread its propaganda The Register - China is offering foreign influencers access to its vast market in return for content that sings its praises and helps to spreads Beijing's desired narratives more widely around the world, according to think tank the Australian Strategic Policy ...
1 year ago Theregister.com
China Investigating Alleged Use of Surveillance Balloon in US - China declared on Friday that it is looking into reports that a Chinese spy balloon has been flying in U.S. airspace and asked for people to remain calm. The Foreign Ministry spokesperson Mao Ning also said that China has no intention of infringing ...
1 year ago Securityweek.com
Cyber scam call center slavery expands beyond southeast Asia The Register - Human trafficking for the purposes of populating cyber scam call centers is expanding beyond southeast Asia, where the crime was previously isolated. Interpol revealed this week that an ongoing investigation has discovered evidence of abuse emanating ...
1 year ago Go.theregister.com
China Launches Probe into Geographic Data Security - China has started a security investigation into the export of geolocation data, a development that highlights the nation's rising concerns about data security. The probe, which was made public on December 11, 2023, represents a major advancement in ...
1 year ago Cysecurity.news
Framework for Automated Detection of Malicious Software Aimed at Android Users in Southeast Asia - Since July 2022, a malicious campaign has been targeting Android users in Southeast Asia with the goal of stealing their assets from finance and banking applications. This banking trojan, named TgToxic, is embedded in multiple fake apps and has been ...
1 year ago Trendmicro.com
1 million Corewell Health patients could be impacted by second data breach - GRAND RAPIDS, MI - About one million Corewell Health patients in southeast Michigan may have had their personal and medical information exposed in yet another nationwide data breach. Michigan Attorney General Dana Nessel on Tuesday, Dec. 26, ...
11 months ago Mlive.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)