Houston Chronicle

Chinese hackers steal text messages, call logs

- By Tami Abdollah

WASHINGTON — Chinese hackers with a history of state-sponsored espionage have intercepted the text messages of thousands of foreigners in a targeted campaign that planted eavesdropping software on a telecommunications provider’s servers, a cybersecurity firm said.

FireEye said in a report issued on Thursday that the hackers belong to the group designated Advanced Persistent Threat 41, or APT41, which it says has been involved in spying and cybercrime for most of the past decade. It said some of the targets were “high-value” and all were chosen by their phone numbers and unique cellphone identifiers known as IMSI numbers.

The cybersecurity firm would not identify or otherwise characterize the victims or the impacted telecoms provider or give its location. It said only that the telecom is in a country that’s typically a strategic competitor to China.

The spyware was programmed to capture messages containing references to political leaders, military and intelligence organizations and political movements at odds with the Chinese government, FireEye said.

FireEye’s director of advanced practices, Steven Stone, said that none of the known targets were U.S. government officials.

The discovered malware, which FireEye dubbed MESSAGETAP, was able to collect data on its targets without their knowledge but could not read messages sent with end-to-end encrypted applications such as WhatsApp and iMessage.

“If you’re one of these targets you have no idea your message traffic is being taken from your device because your device hasn’t been infected,” Stone said.

FireEye said the hackers also stole detailed calling records on specific individuals, obtaining the phone numbers they interacted with, call durations and times.

A representative at China’s embassy in Washington, D.C., did not immediately respond to an emailed request for comment.
