Two-factor authentication, which should be a strong guard, was broken through? Chinese hackers attack 10 countries

Written By mobilephonebrand

A hacker group serving the government attacks the world, it seems like science fiction...

A group of Chinese hackers believed to be working for the Beijing government have learned how to circumvent two-factor authentication and attack other governments and industries, ZDNet reports. increase.

Chinese hacker group 'APT20'

ZDNet said this group is called 'APT20', and they compromised VPN account information in order to gain deeper access to the victim's network. According to new information from Dutch cybersecurity firm Fox IT.

Although there have been cases in the past where two-factor authentication has been breached, such attacks are relatively rare because the hackers require very advanced techniques.

It is not completely clear how APT20 breached security.

Two-factor authentication with strong guard was breached?Chinese hacker group attacked 10 countries</p><h2 id=ZDNet Theory: Token Stolen?

However, ZDNet has a hypothesis.

APT20 steals SecurID software tokens developed by RSA Security from hacked systems and uses them on computers to generate valid one-time codes, bypassing two-step verification at will. It seems that

Normally this is not possible. To use one of these software tokens, you have to physically connect a hardware device (in this case SecurID) to your computer. The device and software token then generate a valid two-factor authentication code. If the device is not there, the RSA SecurID software should generate an error.

Fox IT's reasoning: Did you bypass 2FA?

According to Fox IT, APT20 likely developed this bypass technology itself. They use "legitimate" channels such as VPN access to carry out their attacks, thus evading the web of hackers trying to catch them. And the report says:

We have identified victims of this hacker in industries around the world, including government agencies, managed service providers, energy, healthcare, and high-tech companies in 10 countries.

The hackers are said to target nearly a dozen countries, including Brazil, China, France, Germany, Italy, Mexico, Portugal, Spain, the United Kingdom, and the United States.

According to the researchers, APT20 deploys custom backdoors on multiple servers and moves between servers after the first successful hack. From there, sensitive data collection begins even without additional account information to improve access. Also, once the hack is over, the data exfiltration tools and compressed files are usually deleted to obscure the tracks and make further investigations difficult.


Is it okay for Japan to have an IT minister like that? Government-backed hacker groups are terrifying, but if you think about it for a moment, it's not surprising that they exist.

Fox IT's full report is available in their full 41-page PDF. If you want to try it, please do so.

Source: ZDNet, Fox IT (1, 2)Reference: RSA, e-Words