
FireEye catches APT41 spying for the Chinese on Linux servers.

by Cyber360 News
November 11, 2019
in Malware
State-sponsored espionage and surveillance activities have always been a crucial part of a government’s intelligence arm. In relation to this, FireEye Mandiant has discovered a malware named MessageTap, which is being used by China to monitor the text messages of certain high-value individuals.

Developed by APT41, the malware is a 64-bit ELF data miner that was found installed on a Linux-based Short Message Service Center (SMSC) server belonging to a telecommunications company whose identity remains unknown.

The importance of the server can be judged by the fact that it is used, as per standards, to handle SMS messages between senders and recipients, and unencrypted at that. Hence, anyone who can access it can access the messages sent between both parties.

Its mode of operation is simple yet intriguing. First, it uses the libpcap library to monitor the messages. The content of these messages is then parsed, which reveals the International Mobile Subscriber Identity (IMSI) of both users.


As the IMSI number is unique, it helps identify both the sender and the recipient. The phone numbers of both parties are also determined in the process. However, the interest of these hackers doesn’t lie merely in communication between common people. In fact, they have configured the malware to filter specifically for messages that satisfy a range of criteria: those from specific phone numbers, those with specific IMSI numbers, or those that may contain certain keywords.

Overview Diagram of MESSAGETAP – Image credit: FireEye

The golden question arising from this analysis is: what are the criteria for these filters? It turns out that MessageTap obtains its information from two files supplied by the attackers, named keyword_parm.txt and parm.txt, which contain the identification information of those given special attention by Chinese intelligence.

Elaborating further,

“Examples include the names of political leaders, military and intelligence organizations and political movements at odds with the Chinese government” as explained by FireEye.

Finally, if any content is found originating from someone on these lists, it is saved in a CSV file that can be exported later by the attackers. The key takeaway is that such attacks have been seen before and will continue in the future. For example, APT41 is also known to have targeted at least 4 other telecommunication groups earlier this year, which sheds light on the latest in state intelligence practices.


The solution to guard against such attacks largely lies in implementing encryption, which would make any information obtained useless even if accessed. Furthermore, any company handling sensitive data should employ cybersecurity teams who can recognize such threats amidst all the noise that may surround this particular space.
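A triage sketch for the artifacts described above, added here as an example and not taken from FireEye's report or the original article: it flags processes that map libpcap but are not on an allowlist of expected capture tools, and looks for files named keyword_parm.txt or parm.txt. The allowlist entry and the `/opt/smsc` sample paths are assumptions constructed for the demo; a statically linked copy of libpcap would not appear in a process's memory maps, so an empty result does not clear a host.

```python
import os
import tempfile

# File names the article says MESSAGETAP reads its filter criteria from.
CONFIG_NAMES = {"keyword_parm.txt", "parm.txt"}
# Assumption: capture tools this host is expected to run; adjust per environment.
ALLOWED_EXES = {"/usr/bin/tcpdump"}

def find_config_files(root):
    """Return sorted paths under root named like the reported config files."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        hits += [os.path.join(dirpath, f) for f in files if f in CONFIG_NAMES]
    return sorted(hits)

def find_pcap_processes(proc_root="/proc", allowed=ALLOWED_EXES):
    """Return (pid, exe) for processes mapping libpcap whose binary is not allowlisted."""
    flagged = []
    for pid in sorted(filter(str.isdigit, os.listdir(proc_root)), key=int):
        base = os.path.join(proc_root, pid)
        try:
            with open(os.path.join(base, "maps")) as fh:
                uses_pcap = any("libpcap.so" in line for line in fh)
            exe = os.readlink(os.path.join(base, "exe"))
        except OSError:  # process exited, kernel thread, or permission denied
            continue
        if uses_pcap and exe not in allowed:
            flagged.append((int(pid), exe))
    return flagged

def build_sample_tree(root):
    """Constructed sample data: a fake /proc plus a directory with both file names."""
    lib = "7f1c2a000000-7f1c2a040000 r-xp 00000000 08:01 131 /usr/lib/%s\n"
    procs = {"101": ("/usr/bin/tcpdump", "libpcap.so.1.10.1"),
             "202": ("/opt/smsc/bin/helper", "libpcap.so.1.10.1"),  # hypothetical
             "303": ("/usr/sbin/sshd", "libc.so.6")}
    for pid, (exe, so) in procs.items():
        os.makedirs(os.path.join(root, "proc", pid))
        with open(os.path.join(root, "proc", pid, "maps"), "w") as fh:
            fh.write(lib % so)
        os.symlink(exe, os.path.join(root, "proc", pid, "exe"))
    os.makedirs(os.path.join(root, "opt", "smsc", "conf"))
    for name in CONFIG_NAMES:
        open(os.path.join(root, "opt", "smsc", "conf", name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(find_pcap_processes(os.path.join(tmp, "proc")))
        print(find_config_files(os.path.join(tmp, "opt")))
```

On a live server, run it as root with the default `/proc` so that other users' `maps` and `exe` entries are readable, and treat any hit as a lead to investigate, not a verdict.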
