Chinese hackers intercepted text messages of foreigners, FireEye claims

1 Nov 2019

Image: PA Media

Though FireEye did not identify the exact victims, it said that Chinese hackers intercepted texts sent by ‘high-value’ targets.

Chinese hackers with a history of state-sponsored espionage have intercepted the text messages of thousands of foreigners in a targeted campaign that planted eavesdropping software on a telecommunications provider’s servers, a cybersecurity firm has claimed.

FireEye said in a report that the hackers belong to the group designated Advanced Persistent Threat 41 (APT41), which it said has been involved in spying and cybercrime for most of the past decade.

It said some of the targets were “high-value” and all were chosen by their phone numbers and unique mobile phone identifiers known as IMSI numbers.

The cybersecurity firm would not identify or otherwise characterise the victims, or the impacted telecoms provider and its location. It said only that the telecom is in a country that is typically a strategic competitor to China.

The spyware was programmed to capture messages containing references to political leaders, military and intelligence organisations and political movements at odds with the Chinese government, FireEye said.

The company’s director of advanced practices, Steven Stone, said none of the known targets was a US government official.

The discovered malware, which FireEye dubbed MessageTap, was able to collect data on its targets without their knowledge but could not read messages sent with end-to-end encrypted applications, such as WhatsApp and iMessage.

“If you’re one of these targets, you have no idea your message traffic is being taken from your device because your device hasn’t been infected,” Stone said.

National security concerns

FireEye said the hackers also stole detailed calling records on specific individuals, obtaining the phone numbers they interacted with, call durations and times. It did not identify the maker of the equipment that was hacked or specify how the hackers penetrated the telecom provider networks.

It said APT41 began using MessageTap during the summer, which is around the same time that pro-democracy protests began in Hong Kong. The firm said since its discovery it has found “multiple” telecoms targeted by the malware.

FireEye added that it has observed APT41 targeting four telecoms this year as well as major travel services and healthcare providers in countries it did not identify.

Details of the espionage operation come as the US tries to persuade allied governments to shun Chinese telecom equipment providers led by Huawei as they build next-generation 5G networks, claiming they represent a risk to national security.

The US government has already banned government agencies and contractors from using equipment supplied by Huawei and ZTE, another Chinese company. It is now seeking to bar their use in telecom projects that receive federal funding.

Huawei denies that it has allowed China’s communist rulers to use its equipment for espionage, and says that Washington has presented no proof of such.

US officials say a 2017 Chinese law requires organisations and citizens to help the state collect intelligence.

– PA Media