CrowdStrike Unveils New Chinese Cyber Espionage Group Liminal Panda
CrowdStrike has identified a new Chinese state-sponsored cyber espionage group, Liminal Panda, responsible for multiple intrusion campaigns targeting telecommunications providers in South Asia and Africa since 2020. The group's motivations are believed to be signals intelligence (SIGINT) collection, not financial gain.
Liminal Panda has been active since at least 2020 and was likely behind intrusion campaigns previously attributed to LightBasin. The group's activity is characterized by abusing trust relationships and security policy gaps to access core infrastructure. It uses various tools for covert access, command and control, and data exfiltration, demonstrating extensive knowledge of telecom networks.
The group targets telecom providers in countries associated with China's Belt and Road Initiative, aiming to collect network telemetry and subscriber information. CrowdStrike attributes Liminal Panda's activity to a China-nexus actor based on similarities with other Chinese cyber espionage groups, such as Salt Typhoon, which have also targeted telecom providers in various regions.
To protect against Liminal Panda's activity, CrowdStrike recommends implementing complex password strategies, minimizing accessible services, enforcing internal access controls, logging SSH connections, verifying iptables rules, and employing file integrity checking. The discovery of Liminal Panda underscores the ongoing threat posed by state-sponsored cyber espionage groups targeting critical infrastructure.