Chinese Hackers Steal SMS Messages from Telecom Networks

Cybersecurity experts at FireEye have discovered malware called Messagetap, developed by Chinese government-backed hackers. This malicious software targets Linux machines and is designed to be installed on SMSC (Short Message Service Center) servers, which are responsible for handling SMS traffic within telecom networks. The malware enables attackers to “listen in” on SMS messages by applying a set of specific filters.

Researchers found Messagetap on the network of an unnamed mobile operator earlier this year. The exact method of infection was not disclosed.

The malware can “store” SMS messages for later theft if the message body contains certain keywords. According to FireEye, these keywords included various topics of geopolitical interest to Chinese intelligence agencies, such as the names of political leaders, military and intelligence organizations, and political movements.

Messagetap also targets messages sent to or from specific phone numbers, as well as particular devices based on their IMSI (International Mobile Subscriber Identity). At the time of discovery, the malware was tracking thousands of phone numbers and IMSIs simultaneously.

Experts link Messagetap to the relatively “young” Chinese hacker group APT41. FireEye previously reported that this group is unique because, in addition to political espionage, it also conducts financially motivated operations—likely carried out by group members for personal gain.

Analysts noted that, within the compromised mobile operator’s network, the attackers also accessed the call detail record (CDR) database. CDRs are logs of telecom equipment activity that include detailed information about calls. The hackers requested CDRs related to foreign high-ranking individuals of interest to Chinese intelligence services.

While FireEye did not disclose the name of the affected company, Reuters reported that Messagetap activity is linked to Chinese government efforts to monitor the Muslim Uyghur minority, who primarily live in the Xinjiang province.
