A Thursday report by FireEye details how Chinese state-sponsored hacking group APT41 has been intercepting SMS traffic using a new malware strain called MESSAGETAP. APT41 has been linked to cyber espionage campaigns as well as financially motivated attacks from 2012 onward.
MESSAGETAP is designed to target Linux servers used by telecommunications companies for routing SMS traffic. The malware is capable of intercepting SMS messages passing through infected servers in order to extract the contents as well as source and destination phone numbers and the IMSI numbers that uniquely identify users of cellular networks. MESSAGETAP intercepts traffic based on specific IMSI numbers, phone numbers and keywords that are listed in two configuration text files supplied by the attackers. FireEye said that it “also identified the threat actor interacting with call detail record (CDR) databases to query, save and steal records,” which “corresponded to foreign high-ranking individuals of interest to the Chinese intelligence services.”
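Malware that reads SMS traffic "passing through" a Linux routing host has to capture packets, and on Linux that normally means creating an AF_PACKET socket. The following added example (not from the FireEye report or the article) shows one defender-side check built on that assumption: scan auditd SYSCALL records for successful `socket(AF_PACKET, SOCK_RAW|SOCK_DGRAM)` calls and flag any process that is not on a host-specific allowlist. It assumes an auditd rule recording the `socket` syscall (number 41 on x86_64), a hypothetical allowlist, and constructed sample log lines; the process names and paths in those lines are made up for illustration.

```python
"""Flag unexpected packet-capture sockets on a Linux SMS routing host (added example).

Assumptions (not stated in the article): auditd is recording socket(2) with a rule
such as `-a always,exit -F arch=b64 -S socket -k netraw`, the host is x86_64 (so the
socket syscall number is 41), and the allowlist below reflects the tools that are
legitimately expected to sniff traffic on this box.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List

AF_PACKET = 17          # linux/socket.h
SOCK_DGRAM = 2
SOCK_RAW = 3
SOCK_TYPE_MASK = 0xF    # strips SOCK_NONBLOCK / SOCK_CLOEXEC flags from a1
SOCKET_SYSCALL_X86_64 = "41"

# Hypothetical allowlist of process names permitted to open packet sockets here.
ALLOWED_COMMS = {"tcpdump", "dhclient", "lldpd"}

# auditd records are space-separated key=value pairs; values may be double-quoted.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


@dataclass
class PacketSocketEvent:
    pid: int
    comm: str
    exe: str
    sock_type: int


def parse_fields(line: str) -> Dict[str, str]:
    """Split one auditd line into a key -> value dict, dropping surrounding quotes."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}


def find_packet_sockets(lines: Iterable[str]) -> List[PacketSocketEvent]:
    """Return every successful socket(AF_PACKET, SOCK_RAW|SOCK_DGRAM) call in the log."""
    events = []
    for line in lines:
        f = parse_fields(line)
        if f.get("type") != "SYSCALL" or f.get("syscall") != SOCKET_SYSCALL_X86_64:
            continue
        if f.get("success") != "yes":
            continue          # failed attempts are worth logging too, but not as a live sniffer
        # auditd writes syscall arguments a0..a3 as hex without a 0x prefix.
        family = int(f["a0"], 16)
        sock_type = int(f["a1"], 16) & SOCK_TYPE_MASK
        if family == AF_PACKET and sock_type in (SOCK_RAW, SOCK_DGRAM):
            events.append(PacketSocketEvent(int(f["pid"]), f.get("comm", ""),
                                            f.get("exe", ""), sock_type))
    return events


def suspicious(events: Iterable[PacketSocketEvent]) -> List[PacketSocketEvent]:
    """Keep only packet-socket openers that are not on the allowlist."""
    return [e for e in events if e.comm not in ALLOWED_COMMS]


# Constructed sample auditd output: one allowed sniffer, one ordinary TCP socket,
# one unknown binary opening a raw packet socket (with SOCK_CLOEXEC set), one failed
# attempt, and one unrelated record type.
SAMPLE_AUDIT_LOG = [
    'type=SYSCALL msg=audit(1572500000.101:1001): arch=c000003e syscall=41 success=yes exit=3 '
    'a0=11 a1=3 a2=300 a3=0 items=0 ppid=1800 pid=1801 uid=0 gid=0 comm="tcpdump" '
    'exe="/usr/bin/tcpdump" key="netraw"',
    'type=SYSCALL msg=audit(1572500000.202:1002): arch=c000003e syscall=41 success=yes exit=4 '
    'a0=2 a1=1 a2=6 a3=0 items=0 ppid=1 pid=2200 uid=0 gid=0 comm="smsrouted" '
    'exe="/opt/sms/bin/smsrouted" key="netraw"',
    'type=SYSCALL msg=audit(1572500000.303:1003): arch=c000003e syscall=41 success=yes exit=5 '
    'a0=11 a1=80003 a2=300 a3=0 items=0 ppid=1 pid=2345 uid=0 gid=0 comm="smsfilter" '
    'exe="/tmp/.cache/smsfilter" key="netraw"',
    'type=SYSCALL msg=audit(1572500000.404:1004): arch=c000003e syscall=41 success=no exit=-1 '
    'a0=11 a1=3 a2=300 a3=0 items=0 ppid=1 pid=2400 uid=1000 gid=1000 comm="pyscan" '
    'exe="/home/ops/pyscan" key="netraw"',
    'type=PROCTITLE msg=audit(1572500000.303:1003): proctitle="smsfilter"',
]


if __name__ == "__main__":
    for ev in suspicious(find_packet_sockets(SAMPLE_AUDIT_LOG)):
        print(f"ALERT pid={ev.pid} comm={ev.comm} exe={ev.exe} opened AF_PACKET socket")
```

Against the constructed log this reports only `smsfilter` running from `/tmp/.cache`, while the allowlisted `tcpdump`, the ordinary TCP socket and the failed attempt are ignored. On a real SMS routing server the allowlist should be tight and keyed on the full `exe` path as well as `comm`, since a process name is trivially chosen by whoever starts the binary.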
Read more: Chinese Cyberspies Use New Malware to Intercept SMS Traffic at Mobile Operators