From b287cdc866df321457580f1acb1174f0a80e5314 Mon Sep 17 00:00:00 2001
From: Mathieu4141 <mathieu@feedly.com>
Date: Fri, 20 Dec 2024 02:55:34 -0800
Subject: [PATCH] [threat-actors] Add Liminal Panda

---
 clusters/threat-actor.json | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 0dc7848..60a03b0 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -17573,6 +17573,17 @@
       },
       "uuid": "cbdf8d63-c114-47d5-8f32-f87f365c7c43",
       "value": "UNC2465"
+    },
+    {
+      "description": "LIMINAL PANDA is a China-nexus APT that targets telecommunications entities, employing custom malware and publicly available tools for covert access, C2, and data exfiltration. The adversary demonstrates extensive knowledge of telecom networks, utilizing GSM protocols to retrieve mobile subscriber information and call metadata. LIMINAL PANDA exploits trust relationships and security gaps between providers to access core infrastructure, indicating a focus on SIGINT collection rather than financial gain. Their intrusion activity has primarily affected telecom providers in southern Asia and Africa, with potential for broader targeting based on network configurations.",
+      "meta": {
+        "country": "CN",
+        "refs": [
+          "https://www.crowdstrike.com/en-us/blog/liminal-panda-telecom-sector-threats/"
+        ]
+      },
+      "uuid": "e7a64fd7-5d30-47ec-b9f6-8c555e5f319f",
+      "value": "Liminal Panda"
     }
   ],
   "version": 321