Since 2020, South Asian and African telecommunications firms have been targeted by the newly discovered Chinese cyberespionage operation Liminal Panda, whose attacks exfiltrate subscriber data and network telemetry to facilitate further compromise, The Hacker News reports.
Intrusions by Liminal Panda, which had some components resembling those leveraged in LightBasin attacks, involved the use of the SIGTRANslator Linux ELF binary, the network-scanning CordScan utility, and the PingPong backdoor, according to an analysis from CrowdStrike's Counter Adversary Operations team. Attackers have also engaged in password-spraying attacks to compromise external DNS servers. "Liminal Panda's known intrusion activity has typically abused trust relationships between telecommunications providers and gaps in security policies, allowing the adversary to access core infrastructure from external hosts," said researchers.
The development comes amid mounting Chinese attacks against U.S. telecommunications entities, with T-Mobile, AT&T, Verizon, and Lumen Technologies reported to have been targeted by Salt Typhoon. Chinese advanced persistent threat groups were noted by Sekoia to be supported by state and private attackers.