November 20, 2024 at 03:38PM
A new threat actor, Liminal Panda, has been spying on mobile phones in Asia and Africa for over four years, targeting telecommunications networks to gather sensitive data for potential use by the Chinese state. The group’s tactics involve network-based attacks and exploiting telecommunications infrastructure for economic and political espionage.
### Meeting Takeaways
1. **Emergence of Threat Actor**: A new advanced persistent threat (APT) known as Liminal Panda has been identified as a significant espionage actor, particularly targeting mobile phones in Asia and Africa for over four years.
2. **Key Testimony**: Adam Meyers from CrowdStrike testified before the US Senate on November 19 about Chinese cyber threats to critical infrastructure, specifically detailing Liminal Panda’s operations.
3. **Operational Focus**:
– Liminal Panda specializes in network-based attacks, infiltrating telecommunications networks to collect intelligence, such as SMS messages and phone metadata.
– The group targets the IT network infrastructure of telcos, rather than directly attacking communication towers.
4. **Attack Methodology**:
– The group uses malware to intercept data during its routes through a telco’s network. This includes sensitive data from call and text records.
– Their command-and-control (C2) setup mimics Global System for Mobile Communications (GSM) protocols to facilitate data exfiltration.
5. **Interoperability Exploitation**:
– Liminal Panda has been observed moving between various telecom providers, leveraging the inherent interoperability put in place for mobile communication.
– They utilize the Domain Name System (DNS) to navigate and create multiple routes between different telecom networks.
6. **Strategic Goals**:
– The group’s activities may serve dual purposes: gathering intelligence on foreign officials and political dissidents while facilitating economic espionage tied to national projects such as the Belt and Road Initiative and Made in China 2025.
– This espionage can provide insights into business dealings, establishing a strategic advantage for Chinese interests.
7. **Implications**: The ongoing operations of Liminal Panda highlight significant vulnerabilities in telecommunications infrastructure and raise concerns over privacy, security, and geopolitical dynamics involving China.