A new report by cybersecurity firm Sygnia reveals that a Chinese-linked hacking group secretly broke into major Asian telecom networks.
Weaver Ant Hackers Spied on Asian Telecoms in Secret
The group, called Weaver Ant, stayed hidden for several years. They used advanced techniques to avoid being caught. The hackers stole sensitive data, spied on internal systems, and took user credentials. They carried out all of this without anyone detecting them.
The investigation found that the hackers stayed inside one major Asian telecom provider for over four years. They used web shells and encrypted tunnels to move around. These methods helped them avoid suspicion and stay hidden.
Weaver Ant’s attack shows how hackers can break into critical systems and stay hidden. They can steal valuable data for a long time. This makes it very hard for companies to find them.
Hackers Used Home Routers to Hide Their Tracks
To stay hidden, Weaver Ant used a clever trick. They took over home routers that people use for the internet. The hackers targeted Zyxel routers in homes across Southeast Asia. These hacked routers became secret pathways. They let the hackers move their data without being noticed.
Instead of attacking from their own computers, Weaver Ant used hacked routers. This hid their real location. They bounced their activity through this network of routers. This made it almost impossible to trace them.
Sygnia found something even more worrying. The hackers used a hidden network of devices called an Operational Relay Box (ORB) network. It worked like a relay station, hiding their movements. This made it even harder for telecom providers to spot the attack.
Advanced Hacking Tools Made Detection Difficult
One of the most alarming finds was Weaver Ant’s use of “INMemory” web shells. These are small, harmful scripts placed on web servers. Unlike regular web shells, INMemory shells leave no traces on the hard drive. They run only in the server’s memory.
Since they leave no files, these memory-based shells are harder to spot. This made it tougher for security teams to detect them. It let Weaver Ant move around unseen. They stole data and spied on the network for years.
To make things worse, the hackers used many layers of web shells. This made their attack more complex and harder to find. Each layer hid the next one. This let the hackers move sideways through the network. They could jump between systems without being caught.
The report showed that Weaver Ant used encrypted versions of China Chopper. This is a web shell often used by Chinese hackers. It let them control infected servers from far away. They used it to spy on networks.
Cyberattack Catastrophe: How Hackers Can Endanger Human Lives ?
The Attack Was Uncovered by Chance
Surprisingly, Sygnia found Weaver Ant by accident. They were investigating another attack. Analysts saw that a disabled account was suddenly reactivated. This was strange and suspicious.
When they looked closer, they saw the account belonged to Weaver Ant. The hackers were still inside the network.
Even worse, Sygnia found that the hackers had been inside for years. Further analysis showed that they broke in long ago. However, their advanced tools and techniques kept them hidden.
The report also pointed out that Weaver Ant’s activities are part of a larger wave of attacks by Chinese-linked groups targeting telecom providers worldwide. In late 2024, China-based hacking groups attacked major telecom companies such as Verizon, AT&T, T-Mobile, and Lumen.
These attacks even targeted high-profile individuals, including US presidential candidates, by compromising their mobile devices. The Weaver Ant case highlights the growing danger of nation-state-sponsored hacking groups. Their ability to remain hidden for years shows just how vulnerable even large telecom companies can be.
How Cyber Attacks on Industrial Control Systems Can Endanger Lives ?
