Sygnia details Weaver Ant tactics in battle against China-linked cyber threats on telecoms
Security firm Sygnia has uncovered a sophisticated cyberattack on a major Asian telecommunication company by a China-nexus threat actor it named Weaver Ant. The attack, which persisted for over four years, used advanced web shell techniques, particularly the China Chopper and INMemory web shells, for persistence, lateral movement, and evasion of detection. Weaver Ant demonstrated exceptional stealth and persistence, employing tactics such as web shell tunneling, ETW patching, AMSI bypass, and executing PowerShell without PowerShell.exe. The group's activities align with China's cyber strategy, targeting specific industries and locations within the GMT +8 time zone. Despite eradication efforts, Weaver Ant attempted to regain access, highlighting the need for robust defense strategies against such sophisticated threats.