The Reveal Platform
Intel Name: The covert operator’s playbook: infiltration of global telecom networks
Date of Scan: July 30, 2025
Impact: Medium
Summary: An emerging threat cluster, tracked as CL-STA-0969, has been targeting telecommunications infrastructure in Southwest Asia. The activity involves compromising interconnected mobile roaming networks, though no data exfiltration or device tracking was confirmed. The threat actors demonstrated strong operational security and used defense evasion tactics to maintain stealth. They deployed specialized tools, such as Cordscan, which indicates an interest in collecting victim location data. This activity is assessed with high confidence to be linked to a nation-state and closely aligns with operations attributed to the adversary known as Liminal Panda.
