
Cyber Pandas from China Attack Telecom Companies


CrowdStrike, a prominent security provider, recently caught the attention of the public due to a major security breach. Despite the negative publicity, the company was invited to present before the U.S. Senate Judiciary Subcommittee on Privacy, Technology, and the Law on November 19, 2024, to discuss Chinese cyber threats to critical infrastructure.

During the presentation, Adam Meyers, the Senior Vice President of Counter Adversary Operations at CrowdStrike, publicly spoke about a state-sponsored actor from China known as LIMINAL PANDA. This group has been targeting telecom providers in Asia and Africa since at least 2020, aiming to gain covert access and control and to exfiltrate data, using custom tools and extensive knowledge of mobile networks and GSM protocols.

LIMINAL PANDA’s primary objective is to collect subscriber data, call metadata, and text messages for intelligence gathering purposes. Additionally, the group conducts targeted intrusions to gather information to support their long-term covert access strategy.

CrowdStrike suspects that LIMINAL PANDA is linked to Chinese cyber operations and the strategic goals of the Belt and Road Initiative (BRI). This assumption is based on various clues, such as Chinese Pinyin strings and the use of tools and infrastructure shared with other China-related groups.

According to Adam Meyers, the attackers not only possess comprehensive knowledge of telecom networks but also understand the relationships between providers. With this knowledge, the group compromised telecom servers to infiltrate additional providers in different geographical regions.

The Chinese actors exploit mobile protocols, for example by emulating GSM protocols, to establish command and control (C2), and they develop tools for accessing information about mobile subscribers, call metadata, and text messages (SMS).

In light of these revelations, cybersecurity experts are concerned about the potential impact of such sophisticated attacks on critical infrastructure. As technology continues to advance, it is essential for companies and governments to remain vigilant against evolving cyber threats.

The rise of state-sponsored cyber espionage poses a significant challenge to global security, highlighting the need for international cooperation and robust cybersecurity measures. As nations strive to protect their critical infrastructure and sensitive data, staying ahead of cyber adversaries becomes imperative in an increasingly interconnected world.

The insights shared by CrowdStrike shed light on the complex nature of modern cyber threats and the importance of proactive defense strategies. By raising awareness about the tactics and capabilities of threat actors like LIMINAL PANDA, organizations can better prepare and defend against potential cybersecurity breaches.
