A major telecommunications company in Asia reportedly suffered a breach by a Chinese state-sponsored group known as Weaver Ant. The attackers, described as stealthy and persistent, exploited a public-facing application to deploy two web shells: an encrypted variant of China Chopper and a new tool named INMemory. Their goal was cyber espionage through continuous access to the telecom provider's sensitive information. Notably, INMemory executes code in memory, evading traditional disk-based forensic detection, and enables a recursive HTTP tunnel for lateral movement within the network.
Using web shells and tunneling, the attackers maintained persistence and carried out cyber espionage. The group's aim was to gain and keep continuous access to telecommunications providers and collect sensitive information.
INMemory is designed to decode a Base64-encoded string and execute it entirely in memory without writing it to disk, leaving no on-disk forensic trail.
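Because the decoded payload never touches disk, the web shell script itself is often the only on-disk artifact. The following scanner, an added example and not code from the report or from any vendor, flags script files that pair a Base64 decoder with an in-memory execution primitive, scoring higher when the decoded bytes are taken straight from the HTTP request. The indicator tables and sample fragments are constructed assumptions for illustration, not indicators from the incident.

```python
import re
from pathlib import Path

# Constructed indicator tables (assumptions, not indicators from the report): a shell
# that decodes Base64 and runs it in memory needs a decoder AND an execution primitive.
DECODE = {
    "FromBase64String": r"Convert\.FromBase64String",   # .NET
    "base64_decode": r"base64_decode\s*\(",             # PHP
    "Base64.getDecoder": r"Base64\.getDecoder\s*\(",    # Java/JSP
}
EXECUTE = {
    "Assembly.Load": r"Assembly\.Load\s*\(",            # .NET in-memory load
    "eval": r"\beval\s*\(",                              # PHP / JS / JSP
    "Runtime.exec": r"Runtime\.getRuntime\s*\(\)\.exec",
    "Execute": r"\bExecute\s*\(",                        # classic ASP
}
REQUEST_INPUT = {
    "Request": r"Request(\.Form|\.QueryString|\s*\[)",   # ASP.NET
    "$_POST": r"\$_(POST|REQUEST|GET)",                  # PHP
    "getParameter": r"getParameter\s*\(",                # JSP
}

def _hits(table, text):
    return sorted(name for name, pat in table.items() if re.search(pat, text))

def analyse(text):
    """0 = no decode+execute pair, 2 = pair present, 3 = pair present and the
    decoded bytes can come straight from the HTTP request (a web-shell shape)."""
    found = {k: _hits(t, text) for k, t in
             (("decode", DECODE), ("execute", EXECUTE), ("request", REQUEST_INPUT))}
    score = (3 if found["request"] else 2) if found["decode"] and found["execute"] else 0
    return {"score": score, **found}

def scan_sources(named_texts):
    """Return [(name, analysis)] for every (name, text) pair scoring above 0."""
    results = [(name, analyse(text)) for name, text in named_texts]
    return [(n, r) for n, r in results if r["score"]]

def scan_webroot(root, suffixes=(".aspx", ".ashx", ".asmx", ".php", ".jsp")):
    """Walk a web root on disk and feed each script file to scan_sources."""
    files = (p for p in Path(root).rglob("*") if p.is_file() and p.suffix.lower() in suffixes)
    return scan_sources((str(p), p.read_text(errors="ignore")) for p in files)

# Constructed samples: fragments only, not runnable pages.
SAMPLES = [
    ("shell-like", 'byte[] b = Convert.FromBase64String(Request.Form["d"]); Assembly.Load(b);'),
    ("benign-decode", 'var key = Convert.FromBase64String(settings["SigningKey"]);'),
    ("benign-load", 'var plugin = Assembly.Load("Reports.Plugin");'),
]
```

Run `scan_webroot("/path/to/webroot")` against a live IIS or PHP document root; a score of 3 on a recently modified or rarely requested file deserves manual review, while a lone decoder or a lone `Assembly.Load` is usually a plugin loader or key handling.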