BankInfoSecurity reports:
An apparent Chinese cyberespionage operation lurked inside the network of an Asian telecom for four years, camouflaging its presence through nested encryption and lightweight web shells.
Incident response firm Sygnia has uncovered the operation, dubbing the threat actor “Weaver Ant.” It exhibits several characteristics of a Chinese nation-state threat actor, including a wide reliance on the China Chopper web shell, a pattern of activities that match the Chinese time zone and holidays, and a backdoor that other security researchers have attributed to a Chinese group tracked as APT27 and Emissary Panda (see: US Seizes Chinese Hacker Infrastructure, Unseals Indictments).
They also used an operational relay box comprised of compromised Zyxel CPE routers to pivot from one compromised device in the telecom network to another telecom provider’s network (see: Chinese Cyberespionage Groups Tied to ORB Network Attacks).
Read more at BankInfoSecurity.
