There is a new malware in town dubbed MessageTap. The malware is designed to be installed on Short Message Service Center (SMSC) servers on a telco's network. It is a custom Linux malware that can steal messages from a mobile operator's network. The malware has been attributed to a Chinese state-sponsored hacking group.
MessageTap was detected by the cyber-security firm FireEye on the network of a mobile operator earlier this year. The telco's name has not been disclosed, but it is certain that the attackers were able to compromise the network and plant the malware on the SMSC servers. It was devised to sniff incoming SMS messages and apply a set of filter rules.
Messages containing specific keywords are set aside to be stolen at a later point.
“The keyword list contained items of geopolitical interest for Chinese intelligence collection,” FireEye said. “Sanitized examples include the names of political leaders, military and intelligence organizations and political movements at odds with the Chinese government.”
MessageTap would also set SMS messages aside if they were sent from or to particular phone numbers, or from or to a device with a particular IMSI unique identifier. FireEye said the malware tracked thousands of phone numbers and IMSI codes at a time.
FireEye's analysts have concluded that it is the work of the Chinese hacking group APT41.
APT41 develops malware both for political cyber-espionage and for financially motivated hacks for its own private benefit. There is also evidence that APT41 interacted with the hacked telco's facilities and equipment through its call detail record (CDR) database.
We have grabbed a screenshot from the FireEye report which shows how the malware works.
FireEye said APT41 queried for the “CDR records [that] corresponded to foreign high-ranking individuals of interest to the Chinese intelligence services.”
FireEye did not name the hacked telco or the spied-on targets. Reuters journalists said that MessageTap was related to China's efforts to track its Uyghur minority, with some of these efforts involving hacking telcos to track Uyghur travelers' movements.
How does this affect us? It will be a major issue in the near future. This shows that Chinese cyber-espionage is evolving into something bigger.
Chinese hacking groups were known for their smash-and-grab approach, in which they pinpoint a target and, once they get in, grab as much data as they can from the compromised computers.
APT41 is very precise: it carefully plans and executes its malware deployments as targeted surveillance operations against the targets it is aiming for.
Nowadays it is different: Chinese hackers now compromise big tech companies like CCleaner and ASUS just to target a small subset of their customers. They are becoming a powerhouse, gaining notoriety similar to US- or Russian-staged operations.
According to FireEye, Chinese hackers are now going after telecom operators. A June 2019 Cybereason report states that Chinese government hackers had breached the networks of at least ten foreign mobile operators.