- Sygnia security researchers discovered the attack after responding to a separate incident
- The attack was attributed to a Chinese state-sponsored threat actor
- The Weaver Ant group lurked for years, stealing confidential data and moving laterally
Chinese state-sponsored threat actors allegedly spent four years inside the infrastructure of a “major” Asian telecommunications provider, according to cyber security researchers at Sygnia, who discovered the cyber-espionage campaign while responding to a separate incident.
In a technical write-up, Sygnia said that while it was investigating a separate forensic case, multiple security alerts flagged suspicious activity. In addition, a previously disabled account had been re-enabled, which raised suspicions even further.
Digging deeper, the researchers found China Chopper web shells, as well as several other malicious payloads used for lateral movement and data exfiltration.
“Incredibly dangerous”
They concluded that the threat actors, named Weaver Ant, were Chinese, since their operational tactics, the use of China Chopper, ORB networks and other tools, their working hours and their choice of target (critical telecommunications infrastructure) all point to that conclusion.
Sygnia did not want to reveal who the “major” Asian telecommunications company is, but said the initial access vector was vulnerable Zyxel routers.
In addition, the company named other Southeast Asian telecommunications providers as victims, since their compromised Zyxel routers were used in the attack.
Weaver Ant managed to maintain long-term access and steal confidential data while moving laterally through the company’s systems, Sygnia concluded. The objective was espionage: gathering as much intelligence as possible about critical infrastructure.
Despite multiple attempts to eradicate them, Weaver Ant managed to persist, the researchers concluded.
“Nation-state threat actors such as Weaver Ant are incredibly dangerous and persistent, with the main objective of infiltrating critical infrastructure and collecting as much information as they can before being discovered,” said Oren Biderman, incident response leader at Sygnia.
“Weaver Ant main [tactics] to the evolving network environment, allowing continuous access to compromised systems and the collection of confidential information.”
Via The Record