BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

Chinese Hackers Lurked in Asian Telecom Network for 4+ Years, Report Shows

The threat actor, identified as "Weaver Ant," focused on gathering sensitive information while utilizing specialized web shell scripts to maintain covert access channels to compromised servers.

  • A China-based threat actor dubbed “Weaver Ant” maintained unauthorized access to an Asian telecom company’s network for over four years, according to Cybersecurity firm Sygnia.
  • The attackers utilized web shell scripts, including a variant of China Chopper, to create hidden communication channels and maintain persistent access while evading detection mechanisms.
  • This report aligns with recent assessments from CrowdStrike and Mandiant noting increased cyber espionage activities from China-nexus groups targeting strategic industries.

Cybersecurity researchers have discovered a sophisticated China-based Hacking operation that infiltrated and remained hidden within an Asian telecommunications provider’s systems for more than four years. The threat actor, identified as “Weaver Ant,” focused on gathering sensitive information while utilizing specialized web shell scripts to maintain covert access channels to compromised servers.

- Advertisement -

According to a report published Monday by cybersecurity firm Sygnia, the China-nexus threat actor maintained a persistent presence in the unnamed telecom company despite multiple attempts to remove them from the network.

The investigation revealed that Weaver Ant operated primarily during regular working hours in the GMT +8 time zone, avoiding weekends and holidays—a pattern consistent with state-sponsored operations. These Hackers focused on specific industries and geographic regions aligned with China’s strategic interests.

Sygnia’s security team discovered the intrusion after receiving alerts about suspicious activities from a previously disabled profile. This profile was located on a server that had not been previously identified as compromised and had been reactivated through a service account—an automated, privileged profile designed to perform background system tasks.

The attackers deployed malicious web shell scripts onto target servers, establishing command-and-control capabilities that allowed remote server management through text-based interfaces. These web shells created discrete communication tunnels between the threat actors and the compromised systems.

- Advertisement -

Two primary web shells were identified during the investigation. The first was a variant of China Chopper, which Mandiant had previously dubbed “a slick little web shell that does not get enough exposure and credit for its stealth.” The second, named “INMemory” by Sygnia, had no previous public references and enabled in-memory execution of malicious modules, making it particularly difficult to detect.

“The text-based payload is so simple and short that an attacker could type it by hand right on the target server—no file transfer needed,” explained the Google subsidiary Mandiant in its analysis of China Chopper.

The investigation uncovered dozens of similar web shells throughout the network, indicating an extensive and sophisticated operation focused on maintaining persistent access. The attackers used these tools not only to control compromised systems but also to move laterally across the network through what Sygnia described as an “intricate tunneling process.”

Weaver Ant employed clever evasion techniques, such as strategically placing keywords like “password,” “key,” and “pass” in their communications. These keywords triggered automatic redaction functions in the network’s firewall, making the stolen data difficult to monitor or analyze. The character limit on the affected network’s firewall solution further complicated Sygnia’s efforts to determine exactly what information had been compromised.

This report follows recent assessments by cyber defense firms CrowdStrike and Mandiant, both highlighting increased activity from China-nexus groups leveraging Artificial Intelligence and targeting outdated network infrastructure to gain unauthorized access to sensitive information.

The report notes that Weaver Ant specifically targeted compromised Zyxel CPE routers, which are commonly used by Southeast Asian telecommunications providers and manufactured in Taiwan. The group also utilized backdoors previously associated with Chinese advanced persistent threat (APT) actors identified by Cybereason and TrendMicro.

Despite Sygnia’s intervention and multiple eradication attempts, the threat actor has proven highly resilient. “The monitoring efforts proved effective—Weaver Ant were detected attempting to regain access to the victim’s network,” the report states. “Sygnia has been closely tracking and investigating their renewed activity.”

Sygnia plans to release a follow-up report detailing the Hacker group’s upgraded tactics and tools as they continue to monitor this persistent threat.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

Musk directs Tesla to adopt Grok 4.5 for lower token costs

Elon Musk directed Tesla staff to adopt xAI's Grok 4.5, citing lower token costs...

Bitcoin Surges to $65K Amid Multiple Bullish Catalysts

Bitcoin rallied above $64,600 on July 10, climbing more than 15% from its July...

Kraken adds AI goal-based investing tools to mobile app

Kraken is adding AI-powered financial tools to its mobile app, letting users set goals...

Senate Dems demand hearings on Trump’s $1.2B crypto income

Senate Democrats are calling for hearings into President Trump’s crypto holdings after disclosures showed...

Kraken Relaunches App with AI Agentic Trading Before IPO

Kraken is preparing to relaunch its app with agentic AI trading tools to help...

Must Read

Top 8 Books Every Beginner Should Read About Cryptocurrency

Cryptocurrency and blockchain technology are filled with technical terms that beginners find challenging to understand. One of the best ways to learn about cryptocurrency...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading