Data Security, Threat Intelligence

Southeast Asia subjected to China-linked data exfiltration attacks

Credit: Adobe Stock Images

Thailand, Myanmar, Taiwan, and other countries across Southeast Asia have been targeted with a data theft campaign by novel threat operation CeranaKeeper, which has been leveraging tools linked to the Chinese advanced persistent threat group Mustang Panda, reports The Hacker News.

Attacks by CeranaKeeper involved the deployment of the Mustang Panda-linked TONESHELL backdoor, a credential dumping tool, and a legitimate Avast driver before proceeding with the delivery of the WavyExfiller Python uploader for data gathering, the DropboxFlop payload, the Microsoft OneDrive REST API-exploiting OneDoor backdoor, and the BingoShell Python backdoor, according to an ESET report. "Mustang Panda and CeranaKeeper seem to operate independently of each other, and each has its own toolset. Both threat actors may rely on the same third party, such as a digital quartermaster, which is not uncommon among China-aligned groups, or have some level of information sharing, which would explain the links that have been observed," said the report.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds