Sygnia Discovers New Active China-Nexus Threat Actor Weaver Ant
Sygnia, the foremost global cyber readiness and response team, revealed today a new China-nexus threat actor, which the company has named Weaver Ant. To infiltrate the telecom company and gain access to sensitive data, Weaver Ant compromised Zyxel CPE home routers as an entry point into the victim's network. The APT also utilized a new web shell, dubbed 'INMemory', to enable in-memory execution of malicious modules while evading detection.
Figure: Web shell tunneling flow
As part of Sygnia's investigation into a separate threat actor, an account that was disabled by initial remediation efforts was re-enabled by a service account. Upon investigation, Sygnia determined that the account had been previously used by Weaver Ant. Notably, the activity originated from a server that had not been previously identified as compromised. This prompted a large-scale forensic investigation and, as a result, Sygnia uncovered a variant of the China Chopper web shell deployed on an internal server that had been compromised for several years.
'Nation-state threat actors like Weaver Ant are incredibly dangerous and persistent with the primary goal of infiltrating critical infrastructure and collecting as much information as they can before being discovered,' said Oren Biderman, Incident Response and Digital Forensic Team Leader at Sygnia. 'Multiple layers of web shells concealed malicious payloads, allowing the threat actor to move laterally within the network and remain evasive until the final payload. These payloads and their ability to leverage never-seen-before web shells to evade detection speak to Weaver Ant's sophistication and stealthiness.'
How Weaver Ant Tunneled into Telco
The web shell hunt revealed two types of web shells in different variants. The first was classified by Sygnia as an encrypted China Chopper. China Chopper enabled Weaver Ant to gain remote access and control of web servers. Notably, variants of the China Chopper web shell support AES encryption of a payload, making it highly effective at evading detection at the Web Application Firewall level.
The second web shell, INMemory, was discovered by Sygnia and had no publicly available references to any other known web shells. INMemory leveraged just-in-time (JIT) compilation and execution of code at runtime to dynamically execute malicious payloads without having to write them to disk.
Biderman added, 'Weaver Ant maintained activity within the compromised network for over four years despite repeated attempts to eliminate them from compromised systems. The threat actor adapted their TTPs to the evolving network environment, enabling continuous access to compromised systems and the collection of sensitive information.'
Following the investigation and an extensive eradication effort, Sygnia continues to monitor Weaver Ant. The threat actor has already been detected attempting to regain access to the telecom company's network.
For the complete details, please see the associated report and technical annex.
Sygnia is the world's foremost cyber response and readiness expert. It applies creative approaches and bold solutions to each phase of an organization's security journey, meeting them where they are to ensure cyber resilience. Sygnia is the trusted advisor and service provider of leading organizations worldwide, including Fortune 100 companies. Sygnia is a Temasek company, part of the ISTARI Collective. For more about Sygnia, visit Sygnia.co.
SOURCE: Sygnia
Copyright Business Wire 2025.
PUB: 03/24/2025 04:00 AM/DISC: 03/24/2025 03:59 AM