Chinese hackers breached Asian telcos for years

Context

A Chinese-linked hacking group, dubbed Weaver Ant, secretly infiltrated several Asian telecommunications providers over a period of at least four years, according to a report by cybersecurity firm Sygnia. The attackers relied on encrypted tunnelling and web shells to maintain persistence and evade detection, and routed their traffic through compromised Zyxel home routers across Southeast Asia, using the devices as a relay network that masked the true origin of the activity. This let them conduct long-term espionage, harvest credentials, and monitor internal network activity. They also deployed a previously undocumented web shell, named INMemory, which executes payloads directly in server memory and leaves little forensic trace on disk.

Analysis

Sygnia’s investigation revealed that Weaver Ant used a non-provisioned operational relay box (ORB) network, built from compromised devices rather than infrastructure the group provisioned itself, to proxy malicious traffic and further conceal where that traffic really came from. The group also showed a high degree of adaptability, pivoting from one telecom provider to another through compromised devices and evading security controls along the way.

The breach came to light by accident during an unrelated Sygnia investigation, when a previously disabled account was re-enabled by a service account. Following that reactivation led analysts to the wider espionage campaign and confirmed Weaver Ant’s extensive access across multiple telecom networks.

The campaign highlights how exposed critical telecom infrastructure is to prolonged cyber-espionage. Because telecom providers sit at the centre of communications, they are lucrative targets for nation-state actors seeking intelligence on government, business and individual activity.
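The detail that exposed the campaign, a long-disabled account being switched back on by a service account rather than by a human administrator, is a detection rule worth having. The script below is an added illustration, not code from Sygnia or from the article: it walks a stream of Windows Security audit records (event 4725, "a user account was disabled", and 4722, "a user account was enabled", both standard event IDs) and reports every enablement performed by a service account, grading it higher when the target was previously disabled. The "svc_" prefix and trailing "$" rule for recognising service accounts is an assumed site convention, and all sample events are constructed.

```python
"""
Flag account re-enablement performed by service accounts.

Added illustrative example; not code from Sygnia or the article. It applies
the detection lead the article describes (a previously disabled account
re-enabled by a service account) to Windows Security audit records:
  4725 = "A user account was disabled", 4722 = "A user account was enabled".
The "svc_" prefix / trailing "$" naming rule for service accounts is an
assumed site convention, and every event below is constructed sample data.
"""
from datetime import datetime

# Constructed sample events (not real telemetry). "subject" is the account
# that performed the action, "target" the account acted upon.
SAMPLE_EVENTS = [
    {"time": "2024-11-02T09:14:00", "id": 4725, "subject": "helpdesk.admin", "target": "j.nguyen"},
    {"time": "2024-12-05T11:00:00", "id": 4725, "subject": "helpdesk.admin", "target": "m.tan"},
    {"time": "2024-12-09T10:05:00", "id": 4722, "subject": "helpdesk.admin", "target": "m.tan"},
    {"time": "2025-01-18T03:27:41", "id": 4722, "subject": "svc_backup", "target": "j.nguyen"},
    {"time": "2025-01-18T03:30:12", "id": 4624, "subject": "j.nguyen", "target": ""},
    {"time": "2025-02-01T14:00:00", "id": 4722, "subject": "svc_backup", "target": "new.hire"},
]


def is_service_account(name):
    """Assumed naming convention: svc_ prefix or machine-style trailing '$'."""
    n = name.lower()
    return n.startswith("svc_") or n.endswith("$")


def find_service_account_enablements(events):
    """Return one finding per 4722 event whose subject is a service account.

    Severity is "high" when the target was seen disabled (4725) earlier in
    the stream, since that is the pattern that exposed Weaver Ant, and
    "medium" when a service account enables an account with no prior
    disable on record. Enablements performed by human admins are ignored.
    """
    disabled_at = {}   # target account -> time of its most recent 4725
    findings = []
    for e in sorted(events, key=lambda ev: ev["time"]):
        when = datetime.fromisoformat(e["time"])
        if e["id"] == 4725:
            disabled_at[e["target"]] = when
        elif e["id"] == 4722:
            since = disabled_at.pop(e["target"], None)
            if not is_service_account(e["subject"]):
                continue
            findings.append({
                "time": e["time"],
                "subject": e["subject"],
                "target": e["target"],
                "severity": "high" if since is not None else "medium",
                # calendar days the account sat disabled before re-enablement
                "dormant_days": (when.date() - since.date()).days if since else None,
            })
    return findings


if __name__ == "__main__":
    for f in find_service_account_enablements(SAMPLE_EVENTS):
        print(f"[{f['severity']}] {f['time']} {f['subject']} enabled {f['target']}"
              f" (disabled for {f['dormant_days']} days)")
```

On the constructed sample the helpdesk administrator re-enabling an account four days after disabling it is treated as normal lifecycle and not reported, while the 03:27 re-enablement of a 77-day-dormant account by a backup service account is reported as high severity. In production the same logic would read 4722/4725 from the SIEM, and the service-account test should come from directory attributes rather than a naming pattern.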

Key Points

  • Weaver Ant infiltrated several Asian telecom providers using stealthy techniques, including encrypted tunnelling and an in-memory web shell.
  • The campaign remained undetected for at least four years.
  • Compromised Zyxel routers across Southeast Asia served as a relay (ORB) network that hid the attackers’ origin.

Author

kayla.zhang@btw.media