
Chinese APT Group Targets Mobile Networks: FireEye Mandiant

New Malware 'Messagetap' Intercepts Communications for Espionage, Researchers Say

The Chinese advanced persistent threat group APT41 is using a new espionage tool to intercept SMS messages to and from specific phone numbers by compromising servers inside mobile telecommunications networks, according to the security firm FireEye Mandiant.


The tool, which FireEye calls MESSAGETAP, is deployed on Short Message Service Center (SMSC) servers, the nodes that store and forward SMS traffic inside a carrier's network. From that vantage point it monitors SMS traffic passing through the server and saves messages involving specific phone numbers for later theft by the attackers, the researchers say.

The tool also selects traffic by international mobile subscriber identity (IMSI) number. An IMSI is made up of a mobile country code, a mobile network code and a subscriber number, so an attacker holding a target's IMSI can tell which country and which operator the subscription belongs to and pick out that subscriber's messages. Note that the IMSI identifies the SIM and its subscription, not the handset itself (that is the IMEI), according to the report.

"Named MESSAGETAP, the tool was deployed by APT41 in a telecommunications network provider in support of Chinese espionage efforts," FireEye researchers Raymond Leong, Dan Perez and Tyler Dean write in a new blog. "The use of MESSAGETAP and targeting of sensitive text messages and call detail records at scale is representative of the evolving nature of Chinese cyber espionage campaigns observed by FireEye."

Nuanced Targeting

The malware is highly selective: rather than stealing all SMS traffic, it compares the content of each message against a list of keywords chosen by the operators, which reveals the geopolitical interests behind the collection, the researchers say.

"Sanitized examples include the names of political leaders, military and intelligence organizations and political movements at odds with the Chinese government," the researchers note. "If any SMS messages contained these keywords, MESSAGETAP would save the SMS message to a CSV file for later theft by the threat actor."
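To make the selection logic described above concrete (IMSI decomposition from the earlier paragraph, plus the keyword, phone-number and IMSI selectors feeding a CSV file), here is a small model written for this article. It is an added example, not FireEye's code and not the malware itself: the record layout, the function names, the sample traffic and the partial table of countries that use three-digit network codes are all assumptions constructed for the demonstration. It is useful to a defender because it shows exactly what ends up in the output file and why selector-driven collection produces so little volume on the host.

```python
"""Model of MESSAGETAP-style SMS selection over constructed records.

Added example for this article; not FireEye's code and not the tool itself.
Record format, helper names, sample data and the MNC-length table are assumptions.
"""
import csv
import io
from dataclasses import dataclass

# IMSI = MCC (3 digits) + MNC (2 or 3 digits) + MSIN. The MNC length depends on
# the MCC. This partial table (Canada and US ranges) is an assumption for the
# example; every other MCC is treated as having a 2-digit MNC.
THREE_DIGIT_MNC_MCCS = {"302", "310", "311", "312", "313", "314", "315", "316"}


@dataclass(frozen=True)
class Imsi:
    mcc: str   # mobile country code
    mnc: str   # mobile network code (identifies the operator)
    msin: str  # subscriber number within that operator


def parse_imsi(imsi: str) -> Imsi:
    """Split an IMSI. It identifies the SIM/subscription, not the handset."""
    if not imsi.isdigit() or not 6 <= len(imsi) <= 15:
        raise ValueError(f"malformed IMSI: {imsi!r}")
    mcc = imsi[:3]
    n = 3 if mcc in THREE_DIGIT_MNC_MCCS else 2
    return Imsi(mcc, imsi[3:3 + n], imsi[3 + n:])


@dataclass(frozen=True)
class SmsRecord:
    src: str   # sending phone number (MSISDN)
    dst: str   # receiving phone number (MSISDN)
    imsi: str  # IMSI of the subscriber the SMSC is handling
    text: str  # message body


def select_messages(records, keywords, numbers, imsis):
    """Return (record, reasons) for each record that matches any selector.

    A message is kept if its body contains any keyword (case-insensitive),
    if either party's number is on the number list, or if the IMSI is on
    the IMSI list. Everything else is discarded, which keeps the output small.
    """
    kw = [k.casefold() for k in keywords]
    hits = []
    for r in records:
        reasons = []
        body = r.text.casefold()
        if any(k in body for k in kw):
            reasons.append("keyword")
        if r.src in numbers or r.dst in numbers:
            reasons.append("number")
        if r.imsi in imsis:
            reasons.append("imsi")
        if reasons:
            hits.append((r, reasons))
    return hits


def hits_to_csv(hits) -> str:
    """Render selected messages as CSV, with the IMSI split into its fields."""
    buf = io.StringIO()
    w = csv.writer(buf)
    w.writerow(["mcc", "mnc", "msin", "src", "dst", "reasons", "text"])
    for r, reasons in hits:
        i = parse_imsi(r.imsi)
        w.writerow([i.mcc, i.mnc, i.msin, r.src, r.dst, "|".join(reasons), r.text])
    return buf.getvalue()


# Constructed sample traffic: numbers, IMSIs and texts are invented.
SAMPLE_RECORDS = [
    SmsRecord("+15551230001", "+15551230002", "310150123456789", "lunch at noon?"),
    SmsRecord("+15551230003", "+15551230004", "310260987654321", "Meeting with the Minister tomorrow"),
    SmsRecord("+4915112345678", "+4915187654321", "262011234567890", "bis morgen"),
    SmsRecord("+4915112345679", "+4915187654322", "262021234567891", "ok"),
]
SAMPLE_KEYWORDS = ["minister"]          # assumed keyword list
SAMPLE_NUMBERS = {"+4915112345678"}     # assumed phone-number list
SAMPLE_IMSIS = {"262021234567891"}      # assumed IMSI list


def demo() -> str:
    """Run the selectors over the sample traffic and return the CSV."""
    hits = select_messages(SAMPLE_RECORDS, SAMPLE_KEYWORDS, SAMPLE_NUMBERS, SAMPLE_IMSIS)
    return hits_to_csv(hits)


if __name__ == "__main__":
    print(demo())
```

Of the four sample messages, three are kept, one for each selector type, and the innocuous first one is dropped. The MNC-length lookup is the part worth getting right in any real parser: treating every MNC as two digits silently misattributes North American subscribers to the wrong operator.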

Past Campaigns

Chinese APT groups are known for complex cyberespionage campaigns carried out against specific targets to compromise their systems and obtain specific information.

In August, FireEye reported that APT groups were targeting cancer research organizations across the globe to steal their work (see: Chinese APT Groups Target Cancer Research Facilities: Report).

In another report, FireEye found that some members of APT41 had developed a side business targeting the global gaming industry for financial gain.

About the Author

Akshaya Asokan


Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.
