APT41, one of China's many state-backed hacking groups, has developed a new kind of malware that can steal SMS messages from inside a cellular network.

According to the latest research by cybersecurity vendor FireEye, the state-backed threat actor, known for a string of espionage operations against geopolitical adversaries, developed the capability to monitor SMS traffic to and from specific phone numbers and save it for subsequent theft.

The malware, dubbed MESSAGETAP, was discovered on a Short Message Service Center (SMSC) server that a telecom firm was using to route SMS messages to their intended recipients.

Aside from extracting the SMS message content, the malware collects the source and destination phone numbers of targeted individuals, the International Mobile Subscriber Identity (IMSI) numbers of their devices, and data from call detail record (CDR) databases.

MESSAGETAP works by sniffing SMS traffic passing through the SMSC and saving only the messages that match its selectors: messages whose contents contain certain predefined keywords of geopolitical interest, messages sent from or to particular phone numbers, and messages originating from specific devices identified by unique IMSI numbers.
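To make the selection logic concrete, here is an added model of the three selector types the article describes (keywords, phone numbers, IMSIs) applied to a stream of SMS records. It is illustrative code written for this page, not MESSAGETAP's own code, and the record layout, selector values and sample messages are all constructed for the example; it is also the same kind of filter a defender can run over SMSC logs to see which of their own messages such a selector set would have flagged.

```python
"""Model of selector-based SMS filtering (added illustration, not the malware's code).

Record fields, selector values and the sample messages below are constructed
for this example.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class SmsRecord:
    src: str    # originating phone number (MSISDN)
    dst: str    # destination phone number (MSISDN)
    imsi: str   # subscriber identity of the originating device
    text: str   # message body


@dataclass(frozen=True)
class Selectors:
    keywords: frozenset   # matched case-insensitively inside the body
    numbers: frozenset    # phone numbers of interest, digits only
    imsis: frozenset      # IMSIs of interest


def normalize_number(number: str) -> str:
    """Keep digits only so '+44 20 7946 0958' and '442079460958' compare equal."""
    return re.sub(r"\D", "", number)


def classify(record: SmsRecord, selectors: Selectors) -> list:
    """Return the list of selector hits for one record (empty list = not selected)."""
    reasons = []
    body = record.text.casefold()
    for kw in sorted(selectors.keywords):
        if kw.casefold() in body:
            reasons.append(f"keyword:{kw}")
    # Either endpoint of the message can trigger the number selector.
    for side, number in (("src", record.src), ("dst", record.dst)):
        digits = normalize_number(number)
        if digits in selectors.numbers:
            reasons.append(f"{side}:{digits}")
    if record.imsi in selectors.imsis:
        reasons.append(f"imsi:{record.imsi}")
    return reasons


def filter_records(records, selectors: Selectors) -> list:
    """Return (record, reasons) for every record that hits at least one selector."""
    hits = []
    for rec in records:
        reasons = classify(rec, selectors)
        if reasons:
            hits.append((rec, reasons))
    return hits


# Constructed sample traffic: four messages, three of which hit a selector.
SAMPLE_RECORDS = [
    SmsRecord("+1 555 0100", "+1 555 0199", "310150123456789", "Lunch at noon?"),
    SmsRecord("+1 555 0123", "+44 20 7946 0958", "310150987654321", "Meeting moved to Tuesday"),
    SmsRecord("+1 555 0177", "+1 555 0188", "310150111111111", "Draft statement on the Election is attached"),
    SmsRecord("+1 555 0133", "+1 555 0144", "310150222222222", "ok"),
]

# Constructed selector set (hypothetical values, not real targets).
SAMPLE_SELECTORS = Selectors(
    keywords=frozenset({"election"}),
    numbers=frozenset({"442079460958"}),
    imsis=frozenset({"310150222222222"}),
)


if __name__ == "__main__":
    for rec, reasons in filter_records(SAMPLE_RECORDS, SAMPLE_SELECTORS):
        print(f"{rec.src} -> {rec.dst} [{rec.imsi}] {reasons}: {rec.text!r}")
```

Running the block prints the three selected messages with the reason each was chosen. Note that number matching is done on normalized digits and keyword matching is case-insensitive; a selector list that skipped either step would silently miss messages, which is the kind of detail a defender checking their own logs against a selector set wants to get right.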

FireEye didn't disclose the targets of the campaign, but said four telecom operators were compromised with MESSAGETAP in 2019.
In addition, it discovered that a separate state-backed group had deployed the same malware into four other cellular service providers' networks.

“The use of MESSAGETAP and targeting of sensitive text messages and call detail records at scale is representative of the evolving nature of Chinese cyber espionage campaigns,” FireEye said.

A prolific hacking group

Known as Barium or Winnti by other companies, APT41 has previously been linked to multiple supply chain compromises in recent years, targeting Asus, NetSarang, and CCleaner software.

Although state-sponsored cyber espionage missions are its primary objective, the group is also known for conducting financially motivated side operations, deploying ransomware against game companies and attacking cryptocurrency providers for personal profit.

With its wide range of tools and techniques, APT41 has proven itself to be a “Swiss Army knife” capable of data theft, running extortion campaigns, and surveilling anyone of interest to Beijing.

APT41's attack is the latest evidence of the group's growing technical sophistication and its ability to mount highly targeted surveillance operations.

It also shows why operators need to segment critical network infrastructure such as SMSC servers from the rest of the network and place it behind strict firewall rules, so that a foothold elsewhere does not translate into access to core telecom systems.

What's more, the development highlights the risks of transmitting sensitive data over SMS, which is not only unencrypted in transit through the carrier's network but also prone to hijacking attacks. Users should consider switching to more secure alternatives, such as Signal and WhatsApp, that implement end-to-end encryption, so that an attacker sitting on carrier infrastructure sees only ciphertext.
