Weaver Ant, the Web Shell Whisperer: Tracking a Live China-nexus Operation
www.sygnia.co/threat-re…

Sygnia details Weaver Ant, a China-nexus threat actor infiltrating a major telecom provider. Using web shells and tunneling, the attackers maintained persistence and facilitated cyber espionage. This blog explores their tactics and provides key defense strategies against state-sponsored threats.

Sygnia responded to a stealthy and highly persistent China-nexus threat actor operation targeting a major telecommunication company in Asia.

Based on their analysis, they assess that the group behind this intrusion, tracked by Sygnia as Weaver Ant, aimed to gain and maintain continuous access to telecommunication providers and facilitate cyber espionage by collecting sensitive information.

This blog explores the threat actor’s modus operandi, highlighting their use of web shells and web shell tunneling as primary tools for maintaining persistence and enabling lateral movement throughout their operations.
