【18+ Archives】

Malware tied to Chinese hackers has been found infecting telecommunication networks to steal SMS messages from thousands of phone numbers.

8+ Archivesspying effort comes from a Chinese state-sponsored hacking group called APT 41, according to the cybersecurity firm FireEye. On Thursday, the company published a report on a malware strain from the group that's designed to infect Linux-based servers used by telecommunication carriers to route SMS messages.

Some time this year, FireEye uncovered the malicious computer code on a cluster of servers belonging to an unnamed telecommunication network provider. "During this intrusion, thousands of phone numbers were targeted, to include several high-ranking foreign individuals likely of interest to China," the company told PCMag.

---

You May Also Like

---

---

Interestingly, the malware is selective of which SMS messages it will try to collect. The APT 41 hackers pre-programmed it using two lists. The first one searches outs the target, based on the person's phone number and International Mobile Subscriber Identity (IMSI) number. The second list contains certain keywords that the malware will seek to find within the SMS messages. If one of the keywords is found in an SMS message, the malware will then save it in a .CSV file, which the hacker can later extract.

"The keyword list contained items of geopolitical interest for Chinese intelligence collection. Sanitized examples include the names of political leaders, military and intelligence organizations and political movements at odds with the Chinese government," FireEye researchers said in the report.

Mashable Light Speed Want more out-of-this world tech, space and science stories? Sign up for Mashable's weekly Light Speed newsletter. By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy. Thanks for signing up!

Original image has been replaced. Credit: Mashable

The suspected Chinese hackers behind the malware also clearly knew who they were targeting, since they had access to both the victims' phone numbers and the IMSI numbers, which is harder to come by. On some Android phones, you can access the IMSI number in the settings function. But the information is primarily used by telecommunication carriers to uniquely identity each subscriber on a cellular network, which suggests the hackers had some serious intel-collecting abilities.

In the same intrusion, the hackers were also found interacting with databases that contained voice call record details, including the time of the call, the duration and the phone numbers involved.

"In 2019, FireEye observed four telecommunication organizations targeted by APT41 actors," the company added in today's report, which refrained from naming the organizations hit. "Further, four additional telecommunications entities were targeted in 2019 by separate threat groups with suspected Chinese state-sponsored associations."

SEE ALSO: Facebook sues WhatsApp developer that allegedly put spyware on phones of journalists and political dissidents

Other security researchers have also noticed suspected Chinese cyberspies infiltrating cellular networks. In June, security firm Cybereason uncovered evidence that Chinese hackers had broken into telecommunication carriers to steal call log and location data from "high-value" individuals across the globe.

The attacks underscore the risk of sending unencrypted information over cellular networks; the content is readable to whoever controls the SMS routing server. For especially sensitive messages, it's a good idea to use a mobile messaging app, such as WhatsApp or Signal, which offer end-to-end encryption.

Topics Cybersecurity Politics

• Entertainment
• Life
• Tech
• Deals
• Social Good
• Games
• Shopping
• Digital Culture

• Stablecoin bill advances in U.S. Senate as Trump critics call to end his crypto dealings
• Why Write About Sex? by Lorin Stein
• Celebs weren’t buying Twitter's checkmarks so Elon just gave it back to them
• Brian Cox is hosting Prime Video's 'James Bond' competition TV show
• 'Severance' Season 3 gets confirmed by Apple
• Shiv Roy is the stealthy MVP of 'Succession' Season 4, episode 5
• Microsoft says it won't sell facial recognition tech to police, either
• 'Wordle' today: Here's the answer, hints for April 22
• TikTok wants me to host a dinner party. Is that an actual recession indicator?
• Here with the Windies by Rachael Maddux

• Reading Dogs, Biblical Judges, Myers
• Staff Picks: Monkey Minds, the Singing Butler, and Rum Cookies by The Paris Review
• The Gospel According to Gospel by Lorin Stein
• Home to Darkness: An Interview with Playwright Tom Murphy by Belinda McKeon
• Transatlantic by Maggie Shipstead
• Code 451, Psychotic Real Estate by Sadie Stein
• Tuesday: Me by Witold Gombrowicz
• This Side of Paradise by Rachael Maddux
• What We’re Loving: Gardens, Riches, and Kidneys by The Paris Review
• What We're Loving: All Kinds of Poetry by Sadie Stein

• Amazon Big Spring Sale 2025: Best portable speaker deal
• American Girl; Speed Levitch by Sadie Stein
• Father's Day; Church Going by Lorin Stein
• Trump lies about elderly protester injured by police, hits another new Twitter low
• Best robot vacuum deal from the Amazon Big Spring Sale
• Pear ring for singles wants to replace dating apps
• Poem: Because my daughters are growing, by Tayve Neese
• Pew survey: 'AI will impact jobs, but not mine.'
• NYT Strands hints, answers for May 5
• Yes, that was Guillermo del Toro in 'Barry'

• Norrie vs. Diallo 2025 livestream: Watch Madrid Open for free
• Making ‘Of Lamb’ by Thessaly La Force
• Will Self on ‘Walking to Hollywood’ by Jonathan Gharraie
• Plimpton! on Kickstarter by Thessaly La Force
• Fyre Festival and Trump’s Language
• Pew survey: 'AI will impact jobs, but not mine.'
• BTS gave $1 million to Black Lives Matter. The Army wants to match it.
• Here with the Windies by Rachael Maddux
• Best robot vacuum deal from the Amazon Big Spring Sale
• Celebs weren’t buying Twitter's checkmarks so Elon just gave it back to them