Summary: Sygnia reported on a sophisticated cyberattack by a China-nexus threat actor named Weaver Ant targeting a major telecommunications company in Asia. The group used complex methods, including web shell tunneling and advanced evasion techniques, to maintain persistent access for espionage purposes. Its approach combined multiple web shell types with various stealth techniques, demonstrating high adaptability and the ability to evade detection mechanisms.
Affected: Major telecommunications company in Asia
Keypoints:
- The threat actor, Weaver Ant, relied heavily on encrypted web shells and tunneling techniques to maintain persistent access and evade detection.
- Used a mix of China Chopper and INMemory web shells to execute commands and conduct reconnaissance without being detected.
- Demonstrated exceptional persistence by maintaining network access for over four years, adapting tactics and tools while evading security measures.
Source: https://securityonline.info/china-chopper-inmemory-weaver-ants-arsenal-of-advanced-web-shells/