ADVERTISEMENT

China-Linked Hackers Target Military, Government Texts, FireEye Says

China-Linked Hackers Target Military, Government Texts, FireEye Says

(Bloomberg) -- A state-linked Chinese hacking group is using malware to steal SMS text messages from high-ranking military and government targets, according to cybersecurity company FireEye Inc.

The hacking technology, known as MESSAGETAP, “allows China to efficiently steal data from multitudes of sources from one location,” Steven Stone, FireEye’s director of advanced practices, said in a statement. “Espionage-related theft and intrusions have been long occurring, but what is new is the vast scale due to the use of this tool.”

The company’s finding, released in a blog on Thursday, underscores the growing concerns about China’s use of technology for espionage and the theft of intellectual property. Telecommunications pose a special concern, as the U.S. seeks to persuade its allies not to build their next-generation networks with tools from Chinese companies such as Huawei Technologies Co.

But even in networks that China hasn’t built, sophisticated hacking operations might allow access to data. In 2019 alone, FireEye observed eight attempts to target telecommunications entities by groups with suspected links to the Chinese government. Four of these hacking attempts were conducted by the group known as APT41 that is now using MESSAGETAP.

APT41 began “state-sponsored cyber-espionage missions as well as financially motivated intrusions” as early as 2012, FireEye said. But the cybersecurity company said it discovered the use of MESSAGETAP only this year while probing a hack of a telecommunications network provider.

“During this intrusion, thousands of phone numbers were targeted, to include several high-ranking foreign individuals likely of interest to China,” Stone said in the statement. “Any SMS containing keywords from a pre-defined list such as the names of political leaders, military and intelligence organizations and political movements at odds with the Chinese government were also stolen.”

Even though FireEye has detected the use of MESSAGETAP by China-linked hackers, it is difficult to defend against the malware. “There are virtually no actions that a user can take to protect these messages on their devices or even gain awareness to this activity,” FireEye said in the statement.

To contact the reporter on this story: Alyza Sebenius in Washington at asebenius@bloomberg.net

To contact the editors responsible for this story: Andrew Martin at amartin146@bloomberg.net, Andrew Pollack, Dan Reichl

©2019 Bloomberg L.P.