China-backed hackers stole text messages and phone records in push for intelligence, report says
A state-backed Chinese hacking group called APT41 were able to hack into telecommunications firms’ servers and steal the contents of text messages for intelligence that was of interest to Beijing, according to a new report from cybersecurity firm FireEye.
Bill Hinton Photography | Moment Open | Getty Images
State-backed Chinese hackers were able to hack into telecommunications firms and steal the contents of text messages of “geopolitical interest” to Beijing, according to a new report.
The group, known as APT41, used a malicious piece of software or malware dubbed “Messagetap” to access servers responsible for sending and storing text messages, cybersecurity firm FireEye said. The company did not disclose the name of the telecom company.
Once in, the malware would search the contents of text messages for keywords of “geopolitical interest to Chinese intelligence collection.” It would also search for specific phone numbers of certain people from a database that the hackers had and were targeting.
While FireEye did not disclose which countries or individuals were targeted, the revelation of the hacking campaign comes at a time of increased concern about China’s use of technology for espionage. The U.S. has accused telecommunications equipment maker Huawei of being a national security threat and suggested that its gear could be used for espionage purposes by Beijing. Huawei has repeatedly denied these allegations.
According to FireEye, some of the keywords being searched for included the names of political leaders, military and intelligence organizations, as well as “political movements at odds with the Chinese government.”
If a text message contained either the targeted phone number or a keyword, it would be saved and later stolen by the hackers.
‘Foreign’ individuals targeted
FireEye said it discovered instances of APT41 accessing records of call details which include a high-level overview of phone calls between individuals, such as time, duration and numbers. Those records targeted related to “foreign high-ranking individuals of interest to the Chinese intelligence services.”
APT41’s latest tool to steal the contents of text messages highlights the developing methods the group is using, FireEye said.
“The use of Messagetap and targeting of sensitive text messages and call detail records at scale is representative of the evolving nature of Chinese cyber espionage campaigns observed by FireEye,” the cybersecurity firm said.
“Strategic access into these organizations, such as telecommunication providers, enables the Chinese intelligence services an ability to obtain sensitive data at scale for a wide range of priority intelligence requirements.”
Dan Perez, one of FireEye’s researchers, said in a tweet that the hackers are not targeting a specific processing software, but instead are going after SMS network traffic at the carrier level. He explained that in theory, this would mean that any telecommunications company could be hit.