Security firm says Chinese hackers intercepted text messages

Chinese hackers with a history of state-sponsored espion have intercepted text messs of thousands of foreigners in a targeted campaign that planted eavesdropping software on a telecommunications provider’s servers, a cybersecurity firm said.

FireEye said in a report issued on Thursday that hackers belong to group designated vanced Persistent Threat 41 , or APT41, which it says has been involved in spying and cybercrime for most of past dece. It said some of targets were “high-value” and all were chosen by ir phone numbers and unique cellphone identifiers kwn as IMSI numbers.

cybersecurity firm would t identify or orwise characterize victims or impacted telecoms provider or give its location. It said only that telecom is in a country that’s typically a strategic competitor to China.

spyware was programmed to capture messs containing references to political leers, military and intelligence organizations and political movements at odds with Chinese government, FireEye said.

FireEye’s director of vanced practices, Steven Stone, said ne of kwn targets was a U.S. government official.

discovered malware, which FireEye dubbed MESSTAP, was able to collect data on its targets without ir kwledge but could t re messs sent with end-to-end encrypted applications such as WhatsApp and iMess.

“If you’re one of se targets you have idea your mess traffic is being taken from your device because your device hasn’t been infected,” Stone said.

FireEye said hackers also stole detailed calling records on specific individuals, obtaining phone numbers y interacted with, call durations and times.

A government representative at China’s embassy in Washington, D.C., did t immediately respond to an emailed request for comment.

FireEye did t identify maker of equipment that was hacked or specify how hackers penetrated telecom provider networks.

It said APT41 began using MESSTAP during summer, which is around when pro-democracy protests began in Hong Kong. firm said since its discovery, it has found “multiple” telecoms targeted by malware.

FireEye said it has observed APT41 targeting four telecoms this year as well as major travel services and healthcare providers in countries it did t identify.

Details of espion operation come as U.S. tries to persue allied governments to shun Chinese telecom equipment providers led by Huawei as y build next-generation wireless networks kwn as 5G, claiming y represent a risk to national security.

U.S. government alrey has banned government ncies and contractors from using equipment supplied by Huawei and ZTE, ar Chinese company. It is w seeking to bar ir use in telecom projects that receive federal funding.

Huawei vehemently denies that it has allowed China’s communist rulers to use its equipment for espion, and Washington has presented proof of such. U.S. officials say a 2017 Chinese law requires organizations and citizens to help state collect intelligence.

___

Follow Tami Abdollah on Twitter at https://twitter.com/latams