| Category | Details |
|---|---|
| Threat Actors | LIMINAL PANDA, associated with China-nexus cyber operations. |
| Campaign Overview | Active since at least 2020, LIMINAL PANDA targets telecommunications providers globally, using custom tools for covert access, C2, and intelligence collection, and exploiting trust relationships between telecom entities. |
| Target Regions | Primarily Southern Asia and Africa; targets include telecom entities in countries aligned with China’s Belt and Road Initiative (BRI). |
| Methodology | Exploiting telecom infrastructure interconnectivity, emulating GSM protocols, developing tools for data exfiltration, and leveraging trust relationships for further access. |
| Products Targeted | Telecommunications networks, including core infrastructure supporting GSM protocols; subscriber data and call metadata systems. |
| Malware Reference | PingPong, CordScan, SIGTRANslator, publicly available tools (TinyShell, Fast Reverse Proxy, ProxyChains), and domains like wuxiapingg[.]ga associated with C2 infrastructure. |
| Tools Used | Cobalt Strike, Fast Reverse Proxy, TinyShell, custom GSM emulation tools, and proxy software like ProxyChains and Microsocks Proxy. |
| Vulnerabilities Exploited | Security policy gaps in telecom infrastructure, misuse of trust relationships, and poor SSH security practices. |
| TTPs | Long-term clandestine access, use of custom malware for C2 and SIGINT collection, leveraging publicly available tools, and targeting countries with strategic geopolitical significance. |
| Attribution | China-nexus attribution with low confidence due to use of Pinyin strings, domains, tools, and infrastructure associated with other known Chinese adversaries like SUNRISE PANDA and HORDE PANDA. |
| Recommendations | Deploy EDR solutions like CrowdStrike Falcon®, enforce strong password and SSH authentication policies, monitor and constrain network access, log SSH connections, verify firewall rules, and use file integrity monitoring on critical systems. |
| Source | CrowdStrike |
Read full article: https://www.crowdstrike.com/en-us/blog/liminal-panda-telecom-sector-threats/
Disclaimer: The above summary has been generated by an AI language model.