SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers

CrowdStrike report reveals China-linked cyber threat actor

Wed, 20th Nov 2024

CrowdStrike has released a report on a threat actor it tracks as LIMINAL PANDA, which it assesses to be linked to China and which has been targeting the telecommunications sector.

Since at least 2020 the group has been implicated in intrusions into telecommunications entities. It shows a detailed understanding of how telecommunications networks are built and interconnected, and it uses custom tools to gain access, establish command and control, and exfiltrate sensitive data.

CrowdStrike assesses with high confidence that LIMINAL PANDA operates in support of intelligence collection. The group exploits the trust relationships between telecommunications providers, which gives it a path into core network infrastructure that is easier than breaching each target directly.

Adam Meyers, Senior Vice President of Counter Adversary Operations at CrowdStrike, is set to testify before the Senate Judiciary Subcommittee regarding Chinese cyber threats to critical infrastructure.

During his testimony, he will address LIMINAL PANDA's activities, marking the first public acknowledgment of this group's operations by CrowdStrike.

LIMINAL PANDA's tactics have included emulating Global System for Mobile Communications (GSM) protocols, developing tools to gather mobile subscriber information, call metadata and text messages (SMS), and using both custom malware and publicly available proxy tools for command and control communication.

CrowdStrike identified the adversary in part through analysis of the LightBasin activity cluster, which has been linked to telecommunications intrusions since 2016. Further analysis has now separated some of that activity from LightBasin and attributed it to LIMINAL PANDA as a distinct actor.

LIMINAL PANDA's toolset mixes custom tooling with publicly available proxy utilities, and these tools have been reported to share similarities with those used by known China-based threat actors.

Although its precise motives are still under examination, LIMINAL PANDA's activities align with those typical of state-linked operations, including intelligence gathering in support of national objectives, rather than financial gain.

Notably, the group has targeted regions associated with China's Belt and Road Initiative, using infrastructure commonly associated with China-nexus threats.

CrowdStrike has issued several recommendations to help organisations protect against such threats.

These include deploying advanced endpoint protection, implementing secure authentication methods, monitoring network traffic on a regular basis, and limiting the public accessibility of sensitive services.

The company advises telecommunications providers to strengthen their security controls accordingly, since measures of this kind are what it takes to guard against state-linked threats such as LIMINAL PANDA.
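Two of the recommendations above, key-based authentication and keeping sensitive services off public interfaces, can be checked mechanically. The following audit script is an added example written for this page; it is not CrowdStrike's code and does not come from the report. It parses an sshd_config and `ss -tlnp`-style listener output, both constructed inline here, and flags settings that still accept passwords or bind a sensitive port to every interface. The SENSITIVE_PORTS table is an assumption about what a telecom operator would consider sensitive and should be adjusted per environment.

```python
import re

# Assumption (not from the article): ports a telecom operator would want kept
# off public interfaces. 2905 (M3UA/SIGTRAN) and 3868 (Diameter) are signalling
# services; the rest are common management and database ports.
SENSITIVE_PORTS = {
    22: "ssh", 53: "dns", 2905: "m3ua", 3868: "diameter",
    3306: "mysql", 5432: "postgresql", 6379: "redis",
}

# Addresses that mean "listen on every interface" in ss output.
WILDCARD_ADDRS = {"0.0.0.0", "*", "::", "[::]"}

# Constructed sshd_config: PasswordAuthentication is commented out, so the
# OpenSSH default (yes) applies, and root may log in with a password.
WEAK_SSHD_CONFIG = """\
Port 22
PermitRootLogin yes
#PasswordAuthentication no
PubkeyAuthentication yes
KbdInteractiveAuthentication no
"""

# Constructed hardened counterpart: keys only, no root login.
HARDENED_SSHD_CONFIG = """\
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
KbdInteractiveAuthentication no
"""

# Constructed `ss -tlnp` output: sshd and a SIGTRAN daemon listen on all
# interfaces, mysqld is loopback-only and named is bound to one address.
SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      128    127.0.0.1:3306      0.0.0.0:*         users:(("mysqld",pid=1201,fd=21))
LISTEN 0      511    *:2905              *:*               users:(("sigtran",pid=1400,fd=5))
LISTEN 0      128    [::]:22             [::]:*            users:(("sshd",pid=812,fd=4))
LISTEN 0      128    10.0.0.5:53         0.0.0.0:*         users:(("named",pid=901,fd=9))
"""


def audit_sshd_config(config_text):
    """Return findings for sshd settings that still allow password-based login."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # strip comments
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) == 2 and parts[0].lower() not in settings:
            settings[parts[0].lower()] = parts[1].strip().lower()  # sshd honours the first occurrence

    findings = []
    # The fallbacks below are the OpenSSH defaults when an option is absent.
    if settings.get("passwordauthentication", "yes") != "no":
        findings.append("PasswordAuthentication is not 'no': passwords are accepted over SSH")
    if settings.get("pubkeyauthentication", "yes") != "yes":
        findings.append("PubkeyAuthentication is disabled")
    if settings.get("permitrootlogin", "prohibit-password") == "yes":
        findings.append("PermitRootLogin yes: root may log in with a password")
    if settings.get("kbdinteractiveauthentication", "yes") != "no":
        findings.append("KbdInteractiveAuthentication not 'no': PAM may still prompt for a password")
    return findings


def exposed_services(ss_output):
    """Return {port: process} for sensitive ports bound to every interface."""
    exposed = {}
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 4 or cols[0] != "LISTEN":
            continue
        addr, _, port = cols[3].rpartition(":")     # handles [::]:22 and *:2905
        port = int(port)
        if addr in WILDCARD_ADDRS and port in SENSITIVE_PORTS:
            m = re.search(r'\("([^"]+)"', line)       # process name from users:(("name",...))
            exposed[port] = m.group(1) if m else "?"
    return exposed


if __name__ == "__main__":
    for f in audit_sshd_config(WEAK_SSHD_CONFIG):
        print("sshd:", f)
    for port, proc in sorted(exposed_services(SS_OUTPUT).items()):
        print(f"exposed: {SENSITIVE_PORTS[port]}/{port} served by {proc}")
```

Ports bound to a specific address (named on 10.0.0.5 above) are deliberately not flagged, because whether that is public depends on which network the interface faces; those need to be checked against the host's interface roles rather than by pattern alone.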
