New Chinese Cyber Threat 'Liminal Panda' Targets Telecoms to Extract Phone Data
A clandestine cyber threat actor, identified as Liminal Panda, has reportedly been infiltrating telecommunications networks in Asia and Africa for more than four years. Adam Meyers, senior vice president of counter-adversary operations at CrowdStrike, disclosed these activities during a testimony before the US Senate Judiciary Subcommittee on Privacy, Technology, and the Law on November 19, highlighting the risks posed by China-backed cyber operations to critical infrastructure.
Tactics of Liminal Panda
Active since 2020, Liminal Panda employs sophisticated network-based attacks to siphon off SMS messages, unique subscriber identifiers, and metadata from mobile phones. These efforts appear directed toward serving the political and economic interests of the Chinese state. Unlike typical attacks that might target transmission towers, Liminal Panda focuses on the IT infrastructure of telecom operators. According to Meyers, the group's strategy involves penetrating telco networks through gateway routers to reach legacy IT systems, from which it can extract sensitive call and text records. Liminal Panda's malware manipulates the intermediate steps between mobile towers and the telecommunications core, effectively capturing data during routine SMS routing. Its command-and-control (C2) infrastructure, which mirrors the Global System for Mobile Communications (GSM) standard, enables effective data exfiltration across the globe.
Crossing Network Barriers
Liminal Panda's operations are notable for their ability to move seamlessly between telecommunications providers. Meyers emphasized that the interconnectedness of global telecom infrastructure, essential for maintaining user interoperability across regions, can also be exploited by adept threat actors. By combining a deep understanding of industry-specific protocols with abuse of the Domain Name System (DNS), Liminal Panda establishes numerous pathways between different providers to ensure persistent access to targeted networks.
Potential Motivations and Implications
China has historically used telecommunication breaches to surveil a wide array of targets, including foreign officials, political dissidents, journalists, and academics. Meyers suggested that, if associated with the Chinese government, Liminal Panda's activities could support the dual objectives of surveillance and economic intelligence, often aligned with national strategies such as the Belt and Road Initiative and Made in China 2025. Commenting on the potential economic espionage motivations, Meyers underlined the strategic value of accessing sensitive communications during business negotiations or politically sensitive interactions; such access provides a tactical advantage in both economic initiatives and political maneuvers. In conclusion, the revelations about Liminal Panda underscore the evolving landscape of cyber threats targeting telecommunications infrastructure, with significant geopolitical and commercial implications.