Chinese APT Group Targets Mobile Networks: FireEye Mandiant
The Chinese advanced threat group APT41 is using a new espionage tool to intercept SMS messages from specific phone numbers by infecting mobile telecommunication networks, according to the security firm FireEye Mandiant.
The campaign, dubbed Messagetap, targets the short message service centre servers in mobile networks to monitor and save SMS traffic from specific phone numbers, which then can be used for other cyber thefts, the researchers say.
By accessing the international mobile subscriber identity number of a device, the attackers can then retrieve information such as the country and network code along with the details of the specific mobile device, according to the report.
“Named MESSAGETAP, the tool was deployed by APT41 in a telecommunications network provider in support of Chinese espionage efforts,” FireEye researchers Raymond Leong, Dan Perez and Tyler Dean write in a new blog. “The use of MESSAGETAP and targeting of sensitive text messages and call detail records at scale is representative of the evolving nature of Chinese cyber espionage campaigns observed by FireEye.”
The malware APT41 is using is capable of performing highly targeted tasks, such as retrieving the keywords used within a device to determine a person’s geopolitical interests, the researchers say.
“Sanitized examples include the names of political leaders, military and intelligence organizations and political movements at odds with the Chinese government,” the researchers note. “If any SMS messages contained these keywords, MESSAGETAP would save the SMS message to a CSV file for later theft by the threat actor.”
Chinese APT groups are known for their complex cyberespionage campaigns carried against specific targets to compromise their systems and gain specific information.
In August, FireEye reported that APT groups were targeting cancer research organizations across the globe to steal their work (see: Chinese APT Groups Target Cancer Research Facilities: Report).
In another report, FireEye found that some members of APT41 had developed a side business targeting the global gaming industry for financial gain.
The views and opinions expressed in this article are those of the author and do not necessarily reflect the views of The Kootneeti Team