A hacking group backed by Beijing broke into telecommunication companies and stole text messages of “geopolitical interest,” according to a new report by the cybersecurity firm FireEye. The names of the countries, companies, and individuals affected have not been revealed.
The operation was carried out by the infamous APT41 group using a piece of malware called “Messagetap.” Once the malware had infected a telecom provider, it searched text messages for keywords of geopolitical interest to Chinese intelligence agencies.
Messages that contained references to military, intelligence organizations, political leaders, and political movements that were deemed to be at odds with the Chinese government were captured. Call records of a few individuals were stolen, including the phone numbers they had conversed with, duration of calls, time of the calls, and so on. None of the identified targets are associated with the U.S. government in any way.
The victims were never aware that their messages were being intercepted. However, the malware could not read WhatsApp messages, since that application uses end-to-end encryption. APT41 apparently started using Messagetap over the summer, which is when the Hong Kong protests began. The group has attacked four telecom companies this year.
“The use of Messagetap and targeting of sensitive text messages and call detail records at scale is representative of the evolving nature of Chinese cyber espionage campaigns observed by FireEye… Strategic access into these organizations, such as telecommunication providers, enables the Chinese intelligence services an ability to obtain sensitive data at scale for a wide range of priority intelligence requirements,” FireEye said in the report (CNBC).
One of the researchers at FireEye warned that the hackers were not targeting any specific messaging software. Instead, they were going after SMS traffic at the carrier level. As such, every telecommunication company is potentially at risk of being targeted by APT41. Security experts have long criticized the use of SMS for multi-factor authentication because the underlying technology is antiquated. With hackers increasingly posing a threat, telecommunication traffic might soon shift entirely to end-to-end encrypted solutions.
Targeting US elections
As things heat up ahead of the upcoming elections, American intelligence officials are raising alarm bells about Russia, Iran, and China. The risk of hackers and online propaganda groups from these countries interfering in American elections is very high.
“Make no mistake, China is aggressively pursuing foreign influence operations… So as we roll into 2020, though Russia was certainly a threat in 2016 [and] 2018, and will continue to be so in 2020, we are also aggressively looking at China as well,” Nikki Floris, an FBI deputy assistant director, said at a recent congressional hearing (The Guardian).
Recently, Microsoft reported that Iranian hackers targeted an unidentified presidential campaign, as well as journalists, prominent expatriate Iranians, and government officials. Facebook has also confirmed that foreign powers were trying to spread disinformation through its platforms in a bid to disrupt elections in the United States, Latin America, and North Africa.
The Defense Department and the Department of Homeland Security have declared the secure conduct of the 2020 elections as the “top priority of the United States government.” The administration is said to be closely working with all 50 states and territories to identify threats and to share critical information with one another.