#ESET Research has identified a #China -aligned threat actor called #CeranaKeeper , which has been targeting governmental institutions in Thailand since 2023. CeranaKeeper, originally associated with the group #MustangPanda , utilizes advanced techniques to steal vast amounts of data. The group abuses legitimate cloud services like Dropbox, OneDrive, and GitHub to create custom backdoors and execute commands on compromised systems. Their attacks focus on data exfiltration, deploying a range of tools, including TONESHELL, #WavyExfiller , and BingoShell, to exploit compromised machines. CeranaKeeper's operations reveal its creativity and adaptability, making it a persistent threat across Southeast Asia.