A Chinese hacking group is reportedly using malware to steal SMS messages from high-ranking government and military officials. FireEye, a cybersecurity company, revealed its latest discovery in a blog post. The new malware is called MessageTap. It has been used by the China-linked hacking group APT41 to track and save SMS traffic from particular phone numbers and international mobile subscriber identity (IMSI) numbers, and traffic matching keywords, for use in data theft and cyberattacks.

The cybersecurity company described the China-linked hacking group APT41 as a dual cybercrime and espionage team known to execute cyberattacks, allegedly on behalf of the Chinese government, since 2012. FireEye discovered the existence of MessageTap in August 2019 when it was investigating a telecom company’s Short Message Service Center (SMSC) servers. These servers route SMS texts to designated recipients or store them until the recipient is online.

APT41, according to FireEye, was able to use the malware to infect the Linux-based SMSC servers and obtain a massive volume of IMSI and phone numbers. The attack appears to have been politically motivated, considering that the attackers specifically looked for phone numbers of military and intelligence organizations, political leaders, and political movements that oppose the Chinese government.

Image caption: The absence of end-to-end encryption among telecom companies was exploited by the Chinese hacking group APT41. (Photo: bykst/Pixabay)

Additionally, the attackers allegedly stole Call Detail Record (CDR) databases linked with high-ranking foreign officials that are of interest to the Chinese intelligence networks. The records enable the hackers to see the call recipients, time of call, duration, and phone numbers of the victims’ contacts. Meanwhile, with the use of MessageTap, hackers were able to view the contents of messages exchanged between targeted individuals.

The latest FireEye findings underline the increasing concerns over China’s use of technology for theft of intellectual property and espionage, Bloomberg observed. Telecommunications is a crucial concern, with the US persuading its allies never to allow next-generation wireless networks built with equipment from Chinese companies like Huawei. However, even if a particular country doesn't have a single network from Huawei or any other Chinese company, a sophisticated hacking operation could still gain access to sensitive data.

This year alone, the cybersecurity company discovered eight attempts on telecommunications units by groups with alleged links to the Chinese government. Four of these attempts were executed by APT41 using MessageTap.