Thai Government Details

    Thai Government

    Bangkok • 1000 employees • Governments

    http://www.thaigov.go.th
    Thailand

    Industry

    Governments

    Security Incidents

    1

    The Thai Government is the central governing authority of the Kingdom of Thailand, a country located in Southeast Asia. Its primary function is to administer public policy, maintain public order, ensure national security, and provide public services to its citizens. The government operates under a constitutional monarchy, which means that it recognizes a monarch as the official head of state, while political power is primarily held by elected officials. The structure of the Thai Government includes three main branches: the executive, the legislative, and the judiciary.

    Thailand has a complex ...

    Security Incidents

    Thai Government Breach of Jun 2023
    Severity Score
    Significant to High

    Type

    Data Breach

    Summary

    In mid-2023, the Thai government fell victim to a cyberattack orchestrated by a China-aligned threat actor called CeranaKeeper. This group conducted a brute-force attack against a local area network domain control server to gain privileged access to the government's systems. Upon successful infiltration, CeranaKeeper deployed the Toneshell backdoor and a credential dumping tool. Additionally, the group abused a legitimate Avast driver to disable security protections within the network.

    Capitalizing on their entrenched access, CeranaKeeper embarked on a widespread data exfiltration campaign, u...

    Severity

    The CeranaKeeper threat actor, allegedly backed by China, executed a sophisticated attack targeting the Thai government, highlighting its focus on Southeast Asia. Operating since early 2022, and leveraging tactics similar to Mustang Panda, CeranaKeeper launched data exfiltration attacks using popular file-sharing services like Pastebin and GitHub. The group successfully employed brute-force techniques to infiltrate Thai government systems, gaining privileged access and deploying advanced tools like the Toneshell backdoor.

    The incident showcased CeranaKeeper's adaptability, with the rapid evol...

    Impact

    The incident involving the emergent threat actor, CeranaKeeper, was a sophisticated data exfiltration attack focusing primarily on government institutions in Thailand. This threat actor, with ties to the Chinese government, breached Thai systems by targeting a local area network domain control server through a brute-force attack. Consequently, they gained privileged access, deploying malware such as the Toneshell backdoor and exploiting an Avast driver to disable security measures.

    The attacks were predominantly aimed at extensive data harvesting from the compromised systems using file-shari...