IT Brief Asia - Technology news for CIOs & IT decision-makers
Asia
Guides
#
artificial intelligence
#
digital transformation
#
disaster recovery
#
hybrid & remote work
#
internet of things
Search
Story image
#
Malware
#
Network Security
#
Cybersecurity

CrowdStrike report reveals China-linked cyber threat actor

Today
Author image
By Melania Watson, Interview Editor

CrowdStrike has released a report exposing a threat actor, dubbed LIMINAL PANDA, which is believed to be linked to China and has been active in targeting the telecommunications sector.

Since at least 2020, this group has been implicated in cyber intrusions into telecommunications entities, demonstrating a sophisticated understanding of telecommunications networks and exploiting them using custom tools to gain access, establish command and control, and exfiltrate sensitive data.

The assessment by CrowdStrike indicates that LIMINAL PANDA operates with high confidence to support intelligence collection, leveraging trust relationships between providers to gain entry into core infrastructure more easily.

Adam Meyers, Senior Vice President of Counter Adversary Operations at CrowdStrike, is set to testify before the Senate Judiciary Subcommittee regarding Chinese cyber threats to critical infrastructure.

During his testimony, he will address LIMINAL PANDA's activities, marking the first public acknowledgment of this group's operations by CrowdStrike.

LIMINAL PANDA's tactics have included emulating global system for mobile communications (GSM) protocols, developing tools to gather mobile subscriber information, call metadata and text messages (SMS), and employing both custom malware and publicly available proxy tools for command and control communication.

CrowdStrike has identified this adversary partly through analysis of the LightBasin activity cluster, originally linked to various telecommunication intrusions since 2016. Recent findings attributed some of this activity to LIMINAL PANDA, distinct from LightBasin, clarifying the nature of this new cyber threat.

The tools used by LIMINAL PANDA include a mix of custom and public-domain proxy utilities.

These tools have been reported as having similarities to those utilized by known China-based threat actors.

Although its precise motives are still under examination, LIMINAL PANDA's activities align with those typical of state-linked operations, including intelligence gathering in support of national objectives, rather than financial gain.

Notably, the group has been targeting regions associated with China's Belt and Road Initiative, employing infrastructure commonly associated with China-nexus threats.

CrowdStrike has issued several recommendations to help organisations protect against such threats.

These include deploying advanced endpoint protection solutions and implementing secure authentication methods, regular monitoring of network traffic, and limiting public accessibility of sensitive services.

The company advises telecom providers to enhance their security protocols to prevent similar intrusions, reflecting the kind of advanced measures necessary to guard against state-sponsored threats like LIMINAL PANDA.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Palo Alto Networks predicts AI & cybersecurity merge by 2025
Leostream supports HP customers amid Tera 2 end-of-life
FPT & Ericsson partner to boost 5G in Vietnam
Gallagher partners with Chubb China for growth strategy
El Capitan: world's fastest exascale supercomputer debuts
Top stories
NESIC partners with Cloudbrink for improved network access
Microsoft 365 Copilot enhanced with AI & new features
Neo4j surpasses USD $200m ARR, eyes further AI growth
Teradata AI Unlimited platform launches on Microsoft Fabric
Splunk launches enterprise offerings on Microsoft Azure