Chinese APT20 Hacker Group Bypassing 2FA in Latest Attacks

Chinese APT20 Hacker Group Bypassing 2FA in Latest Attacks

A Chinese state sponsored hacking group, APT20, has been found bypassing two-factor authentication (2FA) in a recent wave of attacks, security researchers at the Dutch cyber-security firm Fox-IT have warned.

Security researchers say they found evidence that the attacks have been attributed to a group which the cyber-security industry was tracking as APT20, believed to operate on the behest of the Beijing government.

The group's primary targets were government entities and managed service providers (MSPs). The government entities and MSPs were active in fields like aviation, healthcare, finance, insurance, energy, and even something as niche as gambling and physical locks, ZDNet reported on Monday.

A laptop displays a message after being infected by ransomware as part of a worldwide cyberattack on June 27, 2017 in Geldrop, Netherlands. (Representational image). VOA

It is pertinent to note that the Chinese state sponsored hacking group was said to be dormant for years.

While on the inside, Fox-IT said the group dumped passwords and looked for administrator accounts, in order to maximise their access.

A primary concern was obtaining virtual private network (VPN) credentials, so hackers could escalate access to more secure areas of a victim's infrastructure, or use the VPN accounts as more stable backdoors, the report added.

According to the researchers, the hackers would generally gain entry to an organisation's systems by exploiting a vulnerability on web servers that the company or government agency operated. They would then penetrate further to identify people, usually system administrators, with privileged access to the most sensitive parts of the computer network. (IANS)