Chinese APT Weaver Ant Infiltrated Telco for Over Four Years
A sophisticated Chinese Advanced Persistent Threat (APT) group known as Weaver Ant has been detected infiltrating a telecommunications company for over four years, according to a report released by cybersecurity firm Cyfirma.
The APT group, which is believed to be affiliated with the Chinese government, used a combination of phishing emails and exploit kits to gain initial access to the telco's network. Once inside, they deployed a range of malicious tools and techniques to move laterally and escalate privileges, ultimately gaining control of sensitive systems and data.
The infiltration is believed to have occurred in 2017, and the attackers remained undetected for over four years, making it one of the longest-running and most successful APT campaigns in recent history.
The attackers' primary goal was to gather intelligence on the telco's customers, including government officials and business leaders. They also sought to disrupt the company's operations and steal sensitive data, including financial information and intellectual property.
Cyfirma's researchers discovered the infiltration while conducting a penetration test for the telco. They found that the attackers had set up a command-and-control (C2) server on the company's network, which was used to send and receive malicious code and instructions.
The APT group used a range of techniques to evade detection, including the use of encryption, code obfuscation, and anti-forensic tools. They also exploited vulnerabilities in third-party software and used social engineering tactics to trick employees into installing malware or providing login credentials.
The discovery of the infiltration highlights the need for telecommunications companies to take a proactive approach to cybersecurity. It also underscores the importance of regular penetration testing and incident response planning to quickly detect and respond to APT attacks.
The Weaver Ant APT group is believed to be one of the most sophisticated and well-resourced APT groups in the world, with a history of targeting sensitive industries and organizations. The detection of their infiltration in the telco's network serves as a wake-up call for companies to prioritize their cybersecurity defenses and be prepared to respond to the ever-evolving threat landscape.