Chinese Weaver Ant hackers spied on telco network for 4 years
Published on: 2025-06-02 17:53:27
A China-linked advanced threat group named Weaver Ant spent more than four years in the network of a telecommunications services provider, hiding traffic and infrastructure with the help of compromised Zyxel CPE routers.
Researchers investigating the intrusion found multiple variants of the China Chopper backdoor and a previously undocumented custom web shell called ‘INMemory’ that executes payloads in the host’s memory.
The threat actor targeted a major Asian telecommunications provider and proved to be resilient to multiple eradication attempts, according to the researchers at cyber technology and services company Sygnia.
“Weaving” a network within the network
Weaver Ant intrusions leveraged an operational relay box (ORB) network made primarily of Zyxel CPE routers to proxy traffic and conceal infrastructure.
The threat actor established a foothold on the network by using an AES-encrypted variant of the China Chopper web shell, which allowed remote control of servers while bypas