Mar 25, 2025, 12:00 AM
Mar 24, 2025, 7:59 AM

Sygnia reveals dangerous new cyber threat actor from China

Highlights
  • Sygnia revealed a new cybersecurity threat actor linked to China, named Weaver Ant, which breached a telecom company.
  • Weaver Ant used compromised Zyxel routers and sophisticated web shells to access sensitive data while evading detection.
  • This incident underscores the increasing sophistication of cyber threats, necessitating improved cyber defenses.
Story

On March 24, 2025, Sygnia, a leading global cyber readiness and response team, announced the discovery of a new threat actor with ties to China, which has been named Weaver Ant. This revelation comes amid growing concerns about the sophistication of cyber threats emanating from the region.

Weaver Ant has reportedly compromised Zyxel CPE home routers to infiltrate a telecom company, giving the group access to sensitive data. Additionally, the group has employed a novel web shell, 'INMemory', that executes malicious code in memory, thus avoiding detection by conventional security measures. The investigation by Sygnia also uncovered variants of a well-known web shell, China Chopper, which enhances Weaver Ant's capability for remote access and control over compromised web servers. The presence of these advanced tools highlights a shift in the cyber threat landscape, as the methods used by overseas actors become increasingly effective at evading cybersecurity protocols.

The situation was exacerbated when Sygnia identified that a disabled account had been re-enabled through previously unacknowledged points of access in the compromised network. Oren Biderman, the Incident Response and Digital Forensic Team Leader at Sygnia, emphasized the persistence of, and danger posed by, nation-state threat actors like Weaver Ant. The actor's focus on critical infrastructure underscores the need for enhanced awareness and preparedness against such sophisticated cyber infiltrations. The continuing evolution of cyber tactics is evidenced by Weaver Ant's aggressive approach, adapting to the network environment to retain access and gather sensitive information without detection. As a consequence of these findings, Sygnia has ramped up its monitoring of Weaver Ant, following the group's attempts to regain access to the telecommunications network.
This discovery signals a pressing need for organizations to bolster their cybersecurity defenses as threats become increasingly sophisticated and persistent in nature. In light of Sygnia's findings, the firm continues to advocate for comprehensive cyber resilience measures across industries to counter ongoing and emerging cyber threats.
