Just a sample of the Echomail archive
Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.
| CONSPRCY | How big is your tinfoil hat? | 2,445 messages |
[ << oldest | < older | list | newer > | newest >> ]
| Message 950 of 2,445 |
| Mike Powell to All |
| Chinese government hacker |
| 26 Mar 25 09:13:00 |
TZUTC: -0500 MSGID: 671.consprcy@1:2320/105 2c4944e8 PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0 TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0 BBSID: CAPCITY2 CHRS: ASCII 1 Chinese government hackers allegedly spent years undetected in foreign phone networks Date: Tue, 25 Mar 2025 16:04:00 +0000 Description: Weaver Ant used vulnerable Zyxel routers to access the networks, moving laterally to steal information. FULL STORY ====================================================================== - Security researchers Sygnia discover attack after responding to a separate incident - The attack was attributed to a Chinese state-sponsored threat actor - Weaver Ant group lurked for years, stealing sensitive data and moving laterally Chinese state-sponsored threat actors allegedly spent four years lurking in the IT infrastructure of a major Asian telecommunications provider, according to cybersecurity researchers Sygnia, which discovered the cyber-espionage campaign after responding to a separate incident. In a technical writeup, Sygnia said while investigating a separate forensic case, multiple security alerts flagged suspicious activity. Furthermore, a previously disabled account was re-enabled, raising even more suspicion. Digging deeper, the investigators found China Chopper web shells, as well as multiple other malicious payloads used for lateral movement and data exfiltration. "Incredibly dangerous" They concluded that the threat actors, named Weaver Ant, were Chinese, since their operational tactics, the use of China Chopper, ORB networks, and other tools, their working hours, and the choice of target (critical telecom infrastructure), all pointed to that conclusion. Sygnia did not want to disclose who that major Asian telecommunications company is, but said that the initial access vectors were vulnerable Zyxel routers. Furthermore, the company added other Southeast Asian telecom providers as victims, as well, since their compromised Zyxel routers were used in the attack. Weaver Ant managed to successfully maintain long-term access, exfiltrate sensitive data, while moving laterally across the companys systems, Sygnia concluded. The goal was espionage - to gather as much intelligence as possible, from critical infrastructure. Despite multiple attempts to remove them, Weaver Ant managed to persist, it was concluded. Nation-state threat actors like Weaver Ant are incredibly dangerous and persistent with the primary goal of infiltrating critical infrastructure and collecting as much information as they can before being discovered, said Oren Biderman, incident response leader at Sygnia. Weaver Ant maintained activity within the compromised network for over four years despite repeated attempts to eliminate them from compromised systems. The threat actor adapted their [tactics] to the evolving network environment, enabling continuous access to compromised systems and the collection of sensitive information. Via The Record ====================================================================== Link to news story: https://www.techradar.com/pro/security/chinese-government-hackers-allegedly-sp ent-years-undetected-in-foreign-phone-networks $$ --- SBBSecho 3.20-Linux * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105) SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30 SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664 SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45 SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35 PATH: 2320/105 229/426 |
(c) 1994, bbs@darkrealms.ca