A report by FireEye describes MESSAGETAP, malware that infects SMS servers to support cyber espionage by APT41, a Chinese APT group, against the text messages of high-level individuals.
In a recent report, FireEye identified a previously unseen malware called MESSAGETAP that infects SMS servers within telecommunications organizations to aid cyber espionage intrusions.
The new malware family, used by APT41 (a Chinese APT group), is designed to monitor SMS traffic and save messages that match specific phone numbers, IMSI numbers and keywords for later theft. Named MESSAGETAP, the tool was deployed by APT41 in a telecommunications network provider in support of Chinese espionage efforts. APT41's operations have included state-sponsored cyber espionage missions as well as financially motivated intrusions.
Observed victims to date are high-ranking military and government officials traditionally of interest to the Chinese government. Their stolen communications cover a wide range of topics, including military matters, intelligence efforts, political movements at odds with China, and named senior Chinese leaders.
There are virtually no actions a user can take to protect these messages on their devices, or even to become aware of this activity: based on observed APT41 actions and a detailed study of the tool, all MESSAGETAP activity occurs at the service provider level.