Researchers report a cyber-espionage operation by Weaver Ant, a China-linked APT group, against a telecommunications services provider in Asia.
Weaver Ant relied on sophisticated web shell tradecraft to infiltrate the network, and used an Operational Relay Box (ORB) network and compromised Zyxel CPE routers to pivot between telecom providers.
The group deployed several payloads, including the China Chopper web shell and a custom web shell named 'INMemory', to maintain persistence, move laterally, and exfiltrate data.
To defend against Weaver Ant, the researchers recommend controlling traffic within the internal network, enabling logging, enforcing least privilege, and rotating user credentials frequently.
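The logging recommendation only pays off if someone hunts in the logs. As an added example (not code from the article or from the researchers' report), the script below applies one heuristic for spotting web shell traffic in IIS W3C logs: a script endpoint that receives almost only POST requests, from one or two client addresses, with no Referer header, because an operator drives a shell directly with a client tool rather than through the application's own pages. An in-memory shell such as the one described above still has to be reached over HTTP, so its requests land in the same log. The log lines, thresholds, and field layout are constructed for the demo and will need tuning for a real site.

```python
"""Hunt for web-shell-like access patterns in IIS W3C extended logs.

Added example, not the article's or the researchers' code. Heuristic:
a script endpoint that is POST-only, Referer-less, and used by very
few clients looks like an operator-driven web shell. Sample log lines
below are constructed; thresholds are assumptions, not report values.
"""
from collections import defaultdict
from dataclasses import dataclass
from os.path import splitext

# Extensions treated as server-side script endpoints (assumption: extend for your stack).
SCRIPT_EXTS = {".aspx", ".ashx", ".asmx", ".asp", ".php", ".jsp", ".jspx"}

# Constructed sample: normal page views, a login form used by several clients,
# and a single address hammering a script under /aspnet_client/ with no Referer.
SAMPLE_LOG = """
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status time-taken
2024-01-10 09:12:01 10.0.0.5 GET /index.aspx - 443 - 192.0.2.10 Mozilla/5.0+(Windows+NT+10.0) - 200 12
2024-01-10 09:12:03 10.0.0.5 GET /index.aspx - 443 - 192.0.2.11 Mozilla/5.0+(Windows+NT+10.0) - 200 10
2024-01-10 09:12:05 10.0.0.5 POST /login.aspx - 443 - 192.0.2.12 Mozilla/5.0+(Windows+NT+10.0) https://portal.example/index.aspx 302 40
2024-01-10 09:12:07 10.0.0.5 POST /login.aspx - 443 - 192.0.2.13 Mozilla/5.0+(Windows+NT+10.0) https://portal.example/index.aspx 302 38
2024-01-10 09:12:09 10.0.0.5 POST /login.aspx - 443 - 192.0.2.14 Mozilla/5.0 https://portal.example/index.aspx 200 35
2024-01-10 09:13:01 10.0.0.5 POST /aspnet_client/system_web/cache.aspx - 443 - 198.51.100.7 Mozilla/4.0+(compatible;+MSIE+6.0) - 200 15
2024-01-10 09:13:02 10.0.0.5 POST /aspnet_client/system_web/cache.aspx - 443 - 198.51.100.7 Mozilla/4.0+(compatible;+MSIE+6.0) - 200 210
2024-01-10 09:13:04 10.0.0.5 POST /aspnet_client/system_web/cache.aspx - 443 - 198.51.100.7 Mozilla/4.0+(compatible;+MSIE+6.0) - 200 180
2024-01-10 09:13:06 10.0.0.5 POST /aspnet_client/system_web/cache.aspx - 443 - 198.51.100.7 Mozilla/4.0+(compatible;+MSIE+6.0) - 200 95
"""


@dataclass
class Finding:
    uri: str
    requests: int
    clients: set
    post_ratio: float
    no_referer_ratio: float


def parse_w3c(lines):
    """Yield one dict per log entry, naming columns from the #Fields: header."""
    fields = None
    for line in lines:
        line = line.strip()
        if not line:
            continue
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#") or fields is None:
            continue  # other directives, or data before any header
        parts = line.split()  # IIS encodes spaces inside values as '+', so whitespace is a safe delimiter
        if len(parts) != len(fields):
            continue  # truncated or malformed entry: skip rather than misalign columns
        yield dict(zip(fields, parts))


def hunt_web_shells(lines, min_requests=3, max_clients=2,
                    min_post_ratio=0.9, min_no_referer_ratio=0.9):
    """Return script endpoints whose access pattern matches the web shell heuristic."""
    stats = defaultdict(lambda: {"n": 0, "posts": 0, "noref": 0, "clients": set()})
    for entry in parse_w3c(lines):
        stem = entry.get("cs-uri-stem", "")
        if splitext(stem)[1].lower() not in SCRIPT_EXTS:
            continue  # static content cannot execute a shell
        s = stats[stem]
        s["n"] += 1
        s["posts"] += int(entry.get("cs-method") == "POST")
        s["noref"] += int(entry.get("cs(Referer)", "-") == "-")
        s["clients"].add(entry.get("c-ip"))

    findings = []
    for stem, s in stats.items():
        if s["n"] < min_requests:
            continue  # too little traffic to judge
        post_ratio = s["posts"] / s["n"]
        noref_ratio = s["noref"] / s["n"]
        if (post_ratio >= min_post_ratio
                and noref_ratio >= min_no_referer_ratio
                and len(s["clients"]) <= max_clients):
            findings.append(Finding(stem, s["n"], s["clients"], post_ratio, noref_ratio))
    return sorted(findings, key=lambda f: f.requests, reverse=True)


if __name__ == "__main__":
    for f in hunt_web_shells(SAMPLE_LOG.splitlines()):
        print(f"{f.uri}: {f.requests} requests from {sorted(f.clients)}, "
              f"POST={f.post_ratio:.0%}, no-Referer={f.no_referer_ratio:.0%}")
```

On the sample, only /aspnet_client/system_web/cache.aspx is flagged: /login.aspx is also POST-heavy, but it is reached from several clients and always carries a Referer from the application's own page. Expect false positives from legitimate API endpoints called by a single integration host; those are easy to allow-list once identified, and the point of the hunt is to surface script paths nobody on the team can account for.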