CL-STA-0969 Installs Covert Malware in Telecom Networks During 10-Month Espionage Campaign
Briefly

Telecommunications organizations in Southeast Asia were targeted by the state-sponsored actor CL-STA-0969, which sought remote control of compromised networks. Palo Alto Networks Unit 42 observed multiple incidents between February and November 2024 that focused on critical telecommunications infrastructure. The group used various tools for remote access and deployed Cordscan to collect mobile device location data. Although the actor took sophisticated operational security measures, the investigation found no evidence of data extraction or mobile network tracking efforts. CL-STA-0969 closely aligns with Liminal Panda and overlaps with other threat actors such as LightBasin and UNC1945, known for targeting the telecom sector.
Telecommunications organizations in Southeast Asia have been targeted by a state-sponsored threat actor known as CL-STA-0969 to facilitate remote control over compromised networks.
The threat actor behind CL-STA-0969 maintained high operational security (OPSEC) and employed various defense evasion techniques to avoid detection.
Palo Alto Networks Unit 42 observed multiple incidents in the region, including an attack aimed at critical telecommunications infrastructure between February and November 2024.
CL-STA-0969 shares significant overlaps with a cluster tracked by CrowdStrike under the name Liminal Panda, attributed to espionage attacks against telecommunications entities since at least 2020.
Read at The Hacker News