Summary: A China-linked advanced threat group named Weaver Ant infiltrated a telecommunications provider for over four years, utilizing compromised Zyxel routers and advanced tactics for data exfiltration and remote access. They employed a custom web shell called INMemory and sophisticated methods like web shell tunneling to maintain control and evade detection. The operation highlights the persistence and capabilities of state-sponsored actors in executing prolonged cyber espionage campaigns.
Affected: Telecommunications services provider
Key points:
- Weaver Ant used compromised Zyxel CPE routers to create a hidden operational relay box network.
- The group implemented advanced techniques such as web shell tunneling to redirect traffic and enhance stealth.
- Research indicates a focus on credential harvesting and network intelligence, consistent with state-sponsored objectives.
- Defensive recommendations include applying least privilege principles, enabling comprehensive logging, and rotating user credentials.