CyberSecurity news
Pierluigi Paganini@securityaffairs.com
A China-linked advanced persistent threat (APT) group, known as Weaver Ant, has been discovered to have infiltrated the network of a major telecommunications services provider in Asia for over four years. The attackers managed to maintain a stealthy presence by compromising Zyxel CPE routers to conceal their traffic and infrastructure. This prolonged access allowed Weaver Ant to conduct extensive cyber espionage operations, highlighting the persistent nature of state-sponsored cyber threats.
Chinese Weaver Ant hackers utilized advanced techniques, including web shells and tunneling, to establish long-term access to the telco's network. A key element of their operation involved using compromised Zyxel CPE routers to hide traffic and infrastructure. The APT group employed an encrypted variant of the China Chopper web shell, along with a custom-built web shell named INMemory, to further enhance their ability to remain undetected while exfiltrating data and maintaining control over compromised systems. The Sygnia report also mentioned the use of a 'Web Shell Whisperer' that uses shells and tunnels to maintain access.
References:
- securityaffairs.com: Chinese APT Weaver Ant infiltrated a telco in Asia for over four years
- The DefendOps Diaries: Explore the Weaver Ant cyber espionage campaign targeting telecom networks with advanced techniques and stealthy operations.
- BleepingComputer: Chinese Weaver Ant hackers spied on telco network for 4 years
- ciso2ciso.com: Weaver Ant, the Web Shell Whisperer: Tracking a Live China-nexus Operation
- www.scworld.com: China-nexus advanced persistent threat Weaver Ant has compromised a major Asian telecommunications services provider's network with web shells and various payloads for more than four years as part of its cyberespionage efforts, according to Security Affairs.
- The Hacker News: The Hacker News details the critical security flaws and potential impacts.
- BleepingComputer: A recent cybersecurity investigation by Sygnia has exposed a sophisticated operation orchestrated by a China-nexus threat actor dubbed "Weaver Ant." This APT group has utilized web shells and tunneling techniques to maintain long-term access to a major Asian telecommunications provider, highlighting their persistent and stealthy approach to cyber espionage.
- : Sygnia uncovered Weaver Ant, a Chinese threat actor that conducted persistent cyberespionage by spying on telecommunications networks for an extended period.
- The Stack: A significant breach of a major telecommunications company in Asia has been revealed by incident response firm Sygnia. The breach lasted over four years and involved China-nexus advanced persistent threat Weaver Ant, whose attacks were so effective they remained undetected for a lengthy time.
- Industrial Cyber: Sygnia details Weaver Ant tactics in battle against China-linked cyber threats on telecoms
- PCMag UK security: Chinese Hackers Remained Inside an Asian Telecom Firm for 4+ Years
- MSSP feed for Latest: Weaver Ant used web shells and various payloads to attack the Chinese telecom for more than four years.
- www.scworld.com: Chinese hackers spend years roaming telecommunications service
- Metacurity: Sygnia has uncovered the Weaver Ant group's cyberespionage methods and tactics which demonstrated persistent access to a major Asian telecommunications provider's network for over four years.
- www.techradar.com: Information about the cyberespionage campaign targeting Asian telecom companies.
Classification:
- HashTags: #APT #CyberEspionage #WeaverAnt
- Company: telecommunications provider
- Target: telecommunications provider
- Attacker: Weaver Ant
- Product: Zyxel CPE routers
- Feature: web shell
- Type: Espionage
- Severity: Major