APT hacking groups increasingly targeting telecoms: researchers

China’s state-backed hackers are targeting telecommunication companies using malware, allowing them to steal text messages and communications metadata en masse, cybersecurity researchers have found.

Why it matters: The hackers are part of a collective dubbed Advanced Persistent Threat 41 (APT41), which is unique among Chinese groups in that it uses tools typically reserved for espionage in operations that fall outside state control.

  • The findings highlight an ongoing tug-of-war between Chinese hacking groups and their foreign rivals. An APT group from Southeast Asia was this year found to be targeting government employees in China by creating spoof email login pages.

“The use of Messagetap and targeting of sensitive text messages and call detail records at scale is representative of the evolving nature of Chinese cyber espionage campaigns. APT41 and multiple other threat groups attributed to Chinese state-sponsored actors have increased their targeting of upstream data entities since 2017.”

—Researchers at FireEye

Details: The attack, dubbed Messagetap, is highly targeted and victims include political leaders, as well as military and intelligence organizations, according to US-based cybersecurity firm FireEye.

  • Unlike similar attacks on telecom companies, this latest one automates the process, gathering messages and metadata en masse.
  • Hackers install the software on servers that telecom companies use to route SMS messages or store them if a subscriber is not available.
  • The installed software searches for specific mobile phone or IMSI numbers, which identify individual devices and are used to verify users on a network.
  • The attack allows hackers to parse message contents, IMSI numbers, and source and destination phone numbers.
  • The system is also able to monitor keywords that are of “geopolitical interest,” FireEye said.
  • FireEye did not disclose the names or locations of telecom companies affected by the attacks.

Context: APT41 not only conducts espionage operations but also engages in cybercrime for economic gain, which has helped the group hone its skills to support its state-sponsored operations.

  • Meanwhile, hackers from outside of China have launched offensives against the country’s government officials and state-backed firms.
  • APT groups are gaining worldwide attention, according to China’s National Computer Network Emergency Response Technical Team (CN-CERT). The organization said that the number of reports about these groups had increased by around 360% year on year in 2018.