| Menu principale |
|
|  Home |
 About: Totocellux |
 LinkedIn |
| X (Twitter) |
| GitHub |
 Libreria articoli |
 Avvisi Portale |
 Software |
| Hardware |
| CyberSecurity |
| Networking |
| Telefonia |
| Virtualizzazione |
 Galleria Web |
 Forum | | 
|
|
 Benvenuto Ospite, nel Portale Campolo.eu: se sei già utente effettua il login, altrimenti puoi facilmente registrarti.
[Registrati] [Login]
|
  
|
|
| Moduli |
XML - Risorsa di notizie
 |
Consiglia Campolo.eu ai tuoi amici
|
| |
|
|
| CeranaKeeper [China] |
espandi info/opzioni dell'articolo |  Opzioni articolo | Sommario | |
|
| Names CeranaKeeper (ESET)
Country China China
Sponsor State-sponsored
Motivation Information theft and espionage
First seen 2022
Description (ESET) CeranaKeeper has been active since at least the beginning of 2022, mainly targeting governmental entities in Asian countries such as Thailand, Myanmar, the Philippines, Japan, and Taiwan; we believe it is aligned with China’s interests. The group’s relentless hunt for data is remarkable, with its attackers deploying a wide array of tools aimed at extracting as much information as possible from compromised networks. In the operation we analyzed, the group turned compromised machines into update servers, devised a novel technique using GitHub’s pull request and issue comment features to create a stealthy reverse shell, and deployed single-use harvesting components when collecting entire file trees.
CeranaKeeper seems to reuse tools from Mustang Panda, Bronze President.
Observed Sectors: Government.
Countries: Japan, Myanmar, Philippines, Taiwan, Thailand.
Tools used PUBLOAD, TONEINS, TONESHELL.
Operations performed 2023 Separating the bee from the panda: CeranaKeeper making a beeline for Thailand
Information
Last change to this card: 24 October 2024 |
|
|
|
 a Threat Actors
|
|
a libreria articoli
|
 Home
|
|
|
La tua posizione
Seleziona la skin dell'interfaccia
