A new cyber threat actor known as CeranaKeeper has been making headlines for its massive data exfiltration campaign across Southeast Asia. The group, believed to have ties to China, was identified by ESET researchers, who have been monitoring its activities since early 2022.
According to ESET’s analysis, CeranaKeeper has been using tactics similar to those of the well-known Chinese-backed APT group Mustang Panda. However, it has also incorporated new tools to target legitimate file-sharing services such as Pastebin, Dropbox, OneDrive, and GitHub. The researchers named the group CeranaKeeper based on the occurrence of the string “[Bb]ectrl” in the group’s code, drawing inspiration from the word “beekeeper” and the Asian honey bee species Apis cerana.
Recently, CeranaKeeper launched a series of cyberattacks against government institutions in Thailand. ESET reported that the group gained access to Thai government systems through a brute-force attack on a domain controller server on the local area network in mid-2023. Once inside, CeranaKeeper deployed a backdoor known as Toneshell and a credential dumping tool, and exploited a legitimate Avast driver to disable security measures.
ESET has described CeranaKeeper as a relentless and rapidly evolving threat group that is constantly adapting its toolset to avoid detection. The group’s primary objective is to harvest as much data as possible, developing specific tools and components for this purpose. The Chinese government is believed to use APT groups like Mustang Panda and CeranaKeeper to support its espionage and cybercrime activities.
In light of CeranaKeeper’s ongoing cyberattacks and their sophisticated tactics, cybersecurity experts are urging organizations to enhance their defenses and remain vigilant against potential threats. As CeranaKeeper continues to operate with agility and determination, it is critical for governments and businesses to prioritize cybersecurity measures to protect sensitive data and infrastructure from malicious actors.

