1. Forum
  2. FidoNet
  3. CONSPRCY

  • Chinese government hacker

    From Mike Powell@1:2320/105 to All on Wed Mar 26 09:13:00 2025
    Chinese government hackers allegedly spent years undetected in foreign phone networks

    Date:
    Tue, 25 Mar 2025 16:04:00 +0000

    Description:
    Weaver Ant used vulnerable Zyxel routers to access the networks, moving laterally to steal information.

    FULL STORY ======================================================================
    - Security researchers Sygnia discover attack after responding to a separate incident
    - The attack was attributed to a Chinese state-sponsored threat actor
    - Weaver Ant group lurked for years, stealing sensitive data and moving laterally

    Chinese state-sponsored threat actors allegedly spent four years lurking in
    the IT infrastructure of a major Asian telecommunications provider, according to cybersecurity researchers Sygnia, which discovered the cyber-espionage campaign after responding to a separate incident.

    In a technical writeup, Sygnia said while investigating a separate forensic case, multiple security alerts flagged suspicious activity. Furthermore, a previously disabled account was re-enabled, raising even more suspicion.

    Digging deeper, the investigators found China Chopper web shells, as well as multiple other malicious payloads used for lateral movement and data exfiltration.

    "Incredibly dangerous"

    They concluded that the threat actors, named Weaver Ant, were Chinese, since their operational tactics, the use of China Chopper, ORB networks, and other tools, their working hours, and the choice of target (critical telecom infrastructure), all pointed to that conclusion.

    Sygnia did not want to disclose who that major Asian telecommunications
    company is, but said that the initial access vectors were vulnerable Zyxel routers.

    Furthermore, the company added other Southeast Asian telecom providers as victims, as well, since their compromised Zyxel routers were used in the attack.

    Weaver Ant managed to successfully maintain long-term access, exfiltrate sensitive data, while moving laterally across the companys systems, Sygnia concluded. The goal was espionage - to gather as much intelligence as
    possible, from critical infrastructure.

    Despite multiple attempts to remove them, Weaver Ant managed to persist, it
    was concluded.

    Nation-state threat actors like Weaver Ant are incredibly dangerous and persistent with the primary goal of infiltrating critical infrastructure and collecting as much information as they can before being discovered, said Oren Biderman, incident response leader at Sygnia.

    Weaver Ant maintained activity within the compromised network for over four years despite repeated attempts to eliminate them from compromised systems.
    The threat actor adapted their [tactics] to the evolving network environment, enabling continuous access to compromised systems and the collection of sensitive information.

    Via The Record

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/chinese-government-hackers-allegedly-sp ent-years-undetected-in-foreign-phone-networks

    $$
    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)