CrowdStrike Executive to Testify on Cyber Threats from China
Quick take - On November 19, 2024, Adam Meyers from CrowdStrike will testify before the U.S. Senate Judiciary Subcommittee regarding the cyber threats posed by the state-sponsored actor LIMINAL PANDA, which has been targeting telecommunications infrastructure since at least 2020, employing sophisticated tools for intelligence collection rather than financial gain.
Fast Facts
- Adam Meyers from CrowdStrike will testify on November 19, 2024, about cyber threats from China, focusing on the state-sponsored actor LIMINAL PANDA.
- LIMINAL PANDA, active since at least 2020, primarily targets telecommunications entities and employs custom tools for covert access and data exfiltration.
- The group demonstrates advanced knowledge of telecom networks, using compromised servers to execute intrusions across various regions, including southern Asia and Africa.
- CrowdStrike attributes certain intrusions to LIMINAL PANDA but expresses low confidence in directly linking the group to China, despite indicators like targeting related to China’s Belt and Road Initiative.
- Recommended defensive strategies against LIMINAL PANDA include advanced endpoint protection, complex password protocols, and stringent internal network access controls.
CrowdStrike’s Adam Meyers to Testify on Cyber Threats from China
On November 19, 2024, Adam Meyers, Senior Vice President of Counter Adversary Operations at CrowdStrike, will testify before the U.S. Senate Judiciary Subcommittee on Privacy, Technology, and the Law. The focus of the testimony will be on the increasing cyber threats from China targeting critical infrastructure, with particular emphasis on a state-sponsored actor known as LIMINAL PANDA.
Overview of LIMINAL PANDA
This event marks the first public discussion of LIMINAL PANDA, which has been active since at least 2020. The group primarily targets telecommunications entities and employs a range of custom tools designed for covert access, command and control (C2), and data exfiltration. LIMINAL PANDA demonstrates a sophisticated understanding of telecommunications networks, enabling it to utilize compromised telecom servers to execute intrusions into other providers across various geographic regions.
LIMINAL PANDA utilizes techniques that include emulating Global System for Mobile Communications (GSM) protocols for C2 operations. The group has developed specialized tools to extract sensitive data, including mobile subscriber information, call metadata, and SMS messages. CrowdStrike’s analysis indicates that LIMINAL PANDA’s operations focus on intelligence collection rather than financial gain, positioning it as a significant threat to telecommunications entities.
Targeting and Attribution Challenges
The group has previously targeted providers in southern Asia and Africa, putting individuals in these regions at risk. CrowdStrike has attributed certain intrusions within the telecommunications sector to LIMINAL PANDA, distinguishing its activities from the LightBasin activity cluster, which has been operating since at least 2016.
Despite identifying these threats, CrowdStrike expresses low confidence in attributing LIMINAL PANDA’s activities directly to China. The indicators considered include the targeting of organizations linked to China’s Belt and Road Initiative and the use of Pinyin strings in associated malware. Additionally, the infrastructure and domain names employed by the actor suggest a potential affiliation with Chinese-speaking individuals.
Defensive Strategies and Ongoing Monitoring
To combat the risks posed by LIMINAL PANDA, CrowdStrike recommends several defensive strategies for organizations. These include:
- Deploying advanced endpoint protection
- Implementing complex password protocols
- Minimizing publicly accessible services
- Enforcing stringent internal network access controls
- Logging SSH connections
- Utilizing file integrity checking mechanisms
CrowdStrike continues to monitor LIMINAL PANDA’s activities, with updates on its operational profile and tactics, techniques, and procedures (TTPs) available to Falcon® Adversary Intelligence Premium subscribers. Further resources are accessible for organizations seeking more information on adversaries tracked by CrowdStrike, which also offers threat intelligence solutions.