Chinese hackers found spying on SMSes, stealing call records of foreign individuals

Reports have surfaced of that of a group of Chinese hackers targeting telecommunications companies with a new piece of malware, designed to spy on text messages sent or received by highly targeted individuals.

Dubbed "MessageTap," the malware is a 64-bit ELF data miner that has recently been discovered installed on a Linux-based Short Message Service Center (SMSC) server of an unnamed telecommunications company. In mobile telephone networks, SMSC servers act as a middle-man service responsible for handling the SMS operations by routing messages between senders and recipients.

MessageTap has been created and used by APT41, a prolific Chinese hacking group that carries out state-sponsored espionage operations and has also been found involved in financially motivated attacks, as per a recent report published by FireEye's Mandiant firm.

According to the researchers, "the risk of unencrypted data being intercepted several layers upstream in their cellular communication chain" is especially "critical for highly targeted individuals such as dissidents, journalists, and officials that handle highly sensitive information."

The APT41 hacking group has also been found stealing call detail records (CDR) corresponding to high-ranking foreign individuals, exposing metadata of calls, including the time of the calls, their duration, and the source and destination phone numbers.

Chinese hackers targeting telecommunications companies isn't new. In this year itself, the APT41 hacking group targeted at least four telecommunications entities, and separate Chinese-suspected state-sponsored groups also observed hitting four additional telecommunications organizations.

According to the FireEye researchers, this trend will continue and more such campaigns will be discovered soon, and therefore to mitigate a degree of risks, targeted organisations should consider deploying an appropriate communication program that enforces end-to-end encryption.