Chinese APT Group Targets Mobile Networks: FireEye Mandiant
New Malware 'Messagetap' Intercepts Communications for Espionage, Researchers Say
The Chinese advanced persistent threat group APT41 is using a new espionage tool to intercept SMS messages from specific phone numbers by infecting mobile telecommunication networks, according to the security firm FireEye Mandiant.
The campaign, which uses malware dubbed Messagetap, targets the Short Message Service Center (SMSC) servers in mobile networks to monitor and save SMS traffic from specific phone numbers; the stolen messages can then be used to enable other cyberthefts, the researchers say.
By obtaining a device's international mobile subscriber identity (IMSI) number, the attackers can retrieve information such as the country and network code, along with details of the specific mobile device, according to the report.
"Named MESSAGETAP, the tool was deployed by APT41 in a telecommunications network provider in support of Chinese espionage efforts," FireEye researchers Raymond Leong, Dan Perez and Tyler Dean write in a new blog post. "The use of MESSAGETAP and targeting of sensitive text messages and call detail records at scale is representative of the evolving nature of Chinese cyber espionage campaigns observed by FireEye."
Nuanced Targeting
The malware APT41 is using can perform highly targeted tasks, such as searching for keywords in a device's messages in order to determine a person's geopolitical interests, the researchers say.
"Sanitized examples include the names of political leaders, military and intelligence organizations and political movements at odds with the Chinese government," the researchers note. "If any SMS messages contained these keywords, MESSAGETAP would save the SMS message to a CSV file for later theft by the threat actor."
Past Campaigns
Chinese APT groups are known for complex cyberespionage campaigns carried out against specific targets to compromise their systems and obtain specific information.
In August, FireEye reported that APT groups were targeting cancer research organizations across the globe to steal their work (see: Chinese APT Groups Target Cancer Research Facilities: Report).
In another report, FireEye found that some members of APT41 had developed a side business targeting the global gaming industry for financial gain.