A sophisticated cyber-espionage operation, allegedly backed by China, has been exposed targeting telecommunications networks across Southeast Asia and Africa. The threat actor, dubbed Liminal Panda, has been active since 2020, exploiting the industry’s interconnected nature to spy on communications and potentially breach global networks.
Cybersecurity firm CrowdStrike says that Liminal Panda has developed advanced custom tools to intercept and collect sensitive information, including text messages and call metadata. Their methods leverage the interoperability of telecommunications networks, allowing breaches to cascade across multiple entities.
While evidence currently ties their activity to Southeast Asia and Africa, experts warn of broader implications.
“Liminal Panda’s tools are designed for bulk data collection and keyword-based searches, demonstrating a strategic approach to intelligence gathering,” said Adam Meyers, CrowdStrike’s Senior Vice President of Counter Adversary Operations.
The group’s tactics suggest it may target officials and individuals travelling through these regions, raising concerns about the scope and intent of their surveillance.
The hacking group’s activities come amid heightened concerns over China’s increasingly aggressive cyber tactics. These operations jeopardise global telecommunications infrastructure and diplomatic stability.
Liminal Panda’s ability to exploit telecommunication networks’ interconnectedness could extend its reach beyond its primary targets, potentially infiltrating networks worldwide.
CrowdStrike emphasises that Liminal Panda operates separately from the Salt Typhoon campaign, another China-linked operation targeting U.S. telecommunications providers. The latter campaign was reportedly aimed at high-profile individuals, including President-elect Donald Trump and Vice President-elect J.D. Vance, and even intercepted audio from phone calls.
China’s intensified digital espionage aligns with its broader geopolitical ambitions, including its preparation for a potential invasion of Taiwan. Analysts believe such operations aim to gather critical intelligence on how the U.S. might respond to a conflict over Taiwan and disrupt global political stability, reports Axios.
“They can leverage access to advance their collection mandates in myriad ways, from surveilling officials to sowing digital chaos,” warns Meyers.
Meyers is set to testify before the Senate Judiciary Committee’s privacy subcommittee today, shedding more light on the activities of Liminal Panda and the broader landscape of Chinese cyber threats. This testimony is expected to underscore the urgency of fortifying telecommunications infrastructure against state-backed adversaries.