Researchers Find SMS Monitoring Malware in Linux Telecom Servers
A state-sponsored tool most likely used by Chinese advanced persistent threat group APT41 was discovered inside the Linux servers of an undisclosed telecom company, surveilling incoming and outgoing SMS messages.
FireEye Mandiant recently identified a new malware family called MESSAGETAP, which was already deployed in the telecom company’s infrastructure. The term “advanced persistent threat group” is usually reserved for hacking groups employed or used by state actors.
The researchers said the tool deployed by APT41 supported Chinese espionage efforts, but the group has financial motives as well. It’s unclear how long the malware was operating before it was found, but a 2019 investigation revealed it in a cluster of Linux servers.
“Specifically, these Linux servers operated as Short Message Service Center (SMSC) servers. In mobile networks, SMSCs are responsible for routing Short Message Service (SMS) messages to an intended recipient or storing them until the recipient has come online,” said the researchers. “The malware parses and extracts SMS message data from the network traffic, which includes the SMS message contents, the IMSI number, and the source and destination phone numbers.”
The attackers’ identification of both phone and IMSI numbers shows they were singling out known individuals. “Sanitized examples include the names of political leaders, military and intelligence organizations and political movements at odds with the Chinese government,” the official report also details.
MESSAGETAP is a perfect example of how messages can be intercepted in other layers generally considered safe. It also reveals the scope of the state actor’s purview and what they are capable of achieving.