Cybersecurity company FireEye detailed a new malware family, dubbed MessageTap, in a blog post yesterday. MessageTap has reportedly been used by cyberhacking group APT41 to monitor and save SMS traffic from certain phone numbers, international mobile subscriber identity (IMSI) numbers and keywords for subsequent cyberattacks and data theft.
FireEye has described APT41 as a “dual espionage and cybercrime group” that has been known to carry out cyberattacks on behalf of the Chinese government since 2012.
FireEye first learned about MessageTap's existence in August during an investigation of a telecommunications company’s Short Message Service Center (SMSC) servers. SMSCs are responsible for routing SMS texts to an intended recipient or storing them until the recipient comes online.
The attackers were able to use the malware that infected the SMSC Linux to steal a high volume of phone numbers and IMSI numbers, which includes the country code and other network identification numbers.
According to FireEye, the attack seems to have been politically motivated, as the attackers looked primarily for phone numbers that belonged to “political leaders, military and intelligence organizations, as well as political movements at odds with the Chinese government.”
The attackers also reportedly stole call detail record (CDR) databases associated with foreign high-ranking individuals that were of interest to the Chinese intelligence agencies. The records allowed the attackers to see who the victims were calling, including information like what time the calls were made, their duration and the called phone numbers. Meanwhile, MessageTap allowed them to see the contents of specific messages between the targeted individuals.
Another Reason for End-to-End Encryption
FireEye said that MessageTap shows how the Chinese government is evolving its espionage operations to target service providers such as telecommunications companies, major travel services and healthcare providers. Because much of this data isn’t end-to-end encrypted or encrypted at rest, it’s an all-you-can-steal data buffet for hackers.
The trend could continue into the future if communications provided by industries like telecom continue to lack end-to-end encryption. Western governments and telecom providers had an opportunity to switch to end-to-end encryption with a new generation of wireless technology (5G). However, they largely chose not to make any changes.
A lack of end-to-end encryption seems to serve the interests of telecom providers that have increasingly started to want to become advertising companies and compete with the likes of Google and Facebook by tracking and data mining users’ calls, texts and website visits.
It also serves Western governments who have increasingly attacked the adoption of end-to-end encryption in popular chat applications such as WhatsApp or Signal.
Whether or not the rising trend of Chinese espionage operations against Western telecom companies -- and now, seemingly politicians' themselves -- will change political leaders’ minds about encryption remains to be seen.