Chinese hackers have been entering telecom networks for several years

Imagine an unwanted guest who settles into your home for years without you even noticing. This is similar to what happened to several Asian telecom operators, victims of a particularly discreet group of Chinese hackers. A silent intrusion that raises many questions about the security of our communications.

For four long years, a group of Chinese hackers called "Weaver Ant" managed to remain invisible at the very heart of the infrastructure of a major Asian telecom operator. This long-term infiltration, revealed by the cybersecurity company Sygnia, raises serious concerns about the vulnerability of communications networks to state espionage threats.

The affair came to light during a routine investigation conducted by Sygnia. Security experts discovered signs of suspicious activity, including the reactivation of a previously deactivated account. Digging deeper, they uncovered a veritable nest of digital spies.

A sophisticated and persistent infiltration

Weaver Ant's modus operandi demonstrates great sophistication. The hackers used various tools to maintain their presence in the network, including the famous "China Chopper", a backdoor popular with Chinese groups. Their ability to adapt to changes in the network environment allowed them to thwart several expulsion attempts. The initial infiltration was carried out via vulnerable Zyxel routers, not only at the targeted main operator, but also at other access providers in Southeast Asia. These compromised routers served as rebound points to mask the origin of the attacks, forming a complex network called "ORB" (Operational Relay Box).

The objective of this espionage campaign was clear: to collect as much sensitive information as possible about critical telecommunications infrastructure. The hackers were able to move laterally within the systems, accessing potentially strategic data.

Oren Biderman, an expert at Sygnia, highlights the danger posed by these state actors: "Their persistence and adaptability make them particularly formidable. They can remain hidden in the shadows for years, collecting crucial information."

Beyond the specific case of this Asian operator, the incident serves as a reminder of the importance of constant vigilance in the field of cybersecurity. Companies and organizations must not only protect themselves against one-off attacks, but also be able to detect and eradicate long-term intrusions. These sometimes put millions of customers at risk.
