China-Backed Hackers Leverage SIGTRAN, GSM Protocols to Infiltrate Telecom Networks

November 20, 2024 at 02:27AM

A newly identified China-linked cyber espionage group, tracked as Liminal Panda, targets telecommunications providers in South Asia and Africa with custom tooling for unauthorized access and data collection. CrowdStrike, which published the research, notes that some earlier activity was misattributed to another group and that Liminal Panda abuses the trust relationships between telecom providers, underscoring how exposed critical infrastructure remains to state-sponsored attacks.

### Meeting Takeaways – Nov 20, 2024

**Topic:** Cyber Espionage / Telecom Security – Liminal Panda Threat

1. **New Threat Actor Identified:**
– A China-linked cyber espionage group named **Liminal Panda** has been linked to a series of targeted intrusions against telecommunications providers in South Asia and Africa since at least 2020, aimed at intelligence collection.

2. **Capabilities and Tools:**
– Liminal Panda exhibits deep expertise in telecommunications networks and the protocols that run them.
– Key custom tools include:
  – **SIGTRANslator**: Sends and receives data over SIGTRAN, the protocol suite that carries SS7 signaling over IP (SCTP), allowing the actor to blend its traffic into legitimate signaling.
  – **CordScan**: A network scanner and packet-capture utility with built-in logic for fingerprinting telecom protocols.
  – **PingPong**: A backdoor that listens for ICMP echo requests carrying a specific trigger and responds by opening a TCP reverse shell.

3. **Method of Intrusion:**
– Pivots from already compromised telecom servers, abusing the interconnect trust between providers to reach and infiltrate additional operators.
– Emulates mobile telecommunications protocols (such as GSM) for command-and-control (C2) and to extract mobile subscriber data.

4. **Historical Context:**
– Some activity CrowdStrike had previously attributed to a different group, LightBasin, was reassessed as Liminal Panda; the original attribution was complicated by the fact that multiple threat actors were operating in the same compromised network.

5. **Current Security Landscape:**
– U.S. telecom companies (e.g., AT&T, Verizon) have also been targeted by another China-linked group, **Salt Typhoon**, highlighting vulnerabilities in critical infrastructure.

6. **Collaborative Cyber Efforts:**
– The Chinese cyber threat landscape is characterized by collaboration among state actors (e.g., MSS, MPS) and private contractors, which complicates attribution and analysis of their tradecraft.

7. **Overall Insight:**
– Liminal Panda’s activities exploit trust relationships between telecommunications providers and gaps in security policy, posing a significant risk to the industry’s integrity and operational security.

**Action Items:**
– Continued monitoring of Liminal Panda and similar threat actors is essential.
– Telecom operators should harden the surfaces these tools abuse: restrict SIGTRAN/SCTP signaling to inventoried signaling hosts, watch ICMP echo traffic for anomalous payloads, and review the interconnect trust relationships that allow one compromised provider to become a foothold into another.
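The two tool behaviours summarized above (SIGTRAN-carried traffic from hosts that should never speak SS7, and ICMP echo requests carrying a backdoor trigger) both leave a footprint in ordinary flow telemetry. The following is an added detection example written for this summary; it is not CrowdStrike's code and not the actors' tooling. The flow-log format, the host inventory, the IP addresses and all sample records are constructed for illustration, and the ICMP check is a heuristic (payload size and printable-ASCII prefix) rather than a signature for any real trigger string.

```python
"""Heuristic detections for two tradecraft patterns described above.

Added example, not CrowdStrike's code or the actors' tooling. The log format,
host inventory, addresses and sample records are constructed for illustration.
"""
from dataclasses import dataclass

# SIGTRAN / SS7-over-IP transport ports (IANA-registered, carried over SCTP).
SIGTRAN_PORTS = {2904: "M2UA", 2905: "M3UA", 2906: "M2PA", 14001: "SUA"}

# Hypothetical inventory of hosts that are supposed to speak SIGTRAN
# (STPs, HLR/HSS front ends). Anything else talking M3UA is suspicious.
KNOWN_SIGNALING_HOSTS = {"10.10.1.5", "10.10.1.6"}

# Common ping payload sizes (Linux 56 bytes, Windows 32 bytes). Ping fills
# the payload with a predictable byte pattern; a trigger embedded in an echo
# request usually does not look like that.
NORMAL_PING_SIZES = {32, 56, 64}


@dataclass
class Flow:
    proto: str        # "sctp", "icmp", "tcp"
    src: str
    dst: str
    dport: int        # 0 when not applicable (ICMP)
    icmp_type: int    # 8 = echo request; -1 when not ICMP
    payload_len: int  # total payload length reported by the sensor
    payload: bytes    # leading payload bytes as captured (may be truncated)


def parse_flow(line: str) -> Flow:
    """Parse one constructed flow-log line of key=value pairs (payload in hex)."""
    kv = dict(tok.split("=", 1) for tok in line.split())
    return Flow(
        proto=kv["proto"],
        src=kv["src"],
        dst=kv["dst"],
        dport=int(kv.get("dport", 0)),
        icmp_type=int(kv.get("icmp_type", -1)),
        payload_len=int(kv["len"]),
        payload=bytes.fromhex(kv.get("payload", "")),
    )


def suspicious_icmp_trigger(f: Flow) -> bool:
    """PingPong-style trigger heuristic: an echo request whose payload has a
    non-standard size, or whose leading bytes are printable ASCII instead of
    the usual ping fill pattern."""
    if f.proto != "icmp" or f.icmp_type != 8:
        return False
    if f.payload_len not in NORMAL_PING_SIZES:
        return True
    head = f.payload[:8]
    return len(head) >= 4 and all(0x20 <= b < 0x7F for b in head)


def suspicious_sigtran(f: Flow) -> bool:
    """SIGTRANslator-style tunnel heuristic: SIGTRAN transport where either
    endpoint is not in the signaling inventory."""
    if f.proto != "sctp" or f.dport not in SIGTRAN_PORTS:
        return False
    return not (f.src in KNOWN_SIGNALING_HOSTS and f.dst in KNOWN_SIGNALING_HOSTS)


def detect(lines):
    """Return (line_index, reason) for every flagged record."""
    hits = []
    for i, line in enumerate(lines):
        f = parse_flow(line)
        if suspicious_icmp_trigger(f):
            hits.append((i, "icmp-echo-with-nonstandard-payload"))
        if suspicious_sigtran(f):
            hits.append((i, f"sigtran-{SIGTRAN_PORTS[f.dport].lower()}-from-unknown-host"))
    return hits


# Constructed sample log; addresses and payloads are illustrative only.
SAMPLE_LOG = [
    # benign ping: 56-byte payload with the usual incrementing fill pattern
    "proto=icmp src=10.10.2.20 dst=10.10.1.5 icmp_type=8 len=56 payload=0001020304050607",
    # echo request whose payload starts with ASCII text ("TRIGGER1", constructed)
    "proto=icmp src=203.0.113.9 dst=10.10.2.20 icmp_type=8 len=56 payload=5452494747455231",
    # echo request with an odd payload size
    "proto=icmp src=203.0.113.9 dst=10.10.2.21 icmp_type=8 len=13 payload=00",
    # legitimate M3UA between two inventoried signaling hosts
    "proto=sctp src=10.10.1.5 dst=10.10.1.6 dport=2905 len=120",
    # M3UA from an application server that should never speak SS7
    "proto=sctp src=10.10.2.20 dst=10.10.1.6 dport=2905 len=120",
    # ordinary HTTPS, ignored by both checks
    "proto=tcp src=10.10.2.20 dst=10.10.1.6 dport=443 len=1200",
]

if __name__ == "__main__":
    for idx, reason in detect(SAMPLE_LOG):
        print(f"line {idx}: {reason} :: {SAMPLE_LOG[idx]}")
```

Run against the constructed log, `detect` flags records 1 and 2 (ICMP) and record 4 (M3UA from a non-signaling host) and ignores the rest. Both checks are deliberately inventory- and heuristic-based: an operator needs an accurate list of which hosts are permitted to originate SIGTRAN traffic, and an attacker who pads the trigger to a normal ping size with a standard fill pattern would slip past the ICMP heuristic, so it should be treated as a starting point for hunting rather than a signature.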
