Researchers detect a Chinese hacking group bypassing 2FA
Security researchers have found evidence that in a recent spate of attacks, a Chinese government-linked hacking group has been bypassing two-factor authentication (2FA).
The attacks have been attributed to a group the cyber-security industry tracks as APT20. The group is believed to operate at the behest of the Beijing government, according to a report published last week by the Dutch cyber-security firm Fox-IT.
The group's primary targets were government entities and managed service providers (MSPs) active in fields such as aviation, healthcare, finance, insurance, energy, and even niches like gambling and physical locks.
Fox-IT's report fills a gap in the group's history. APT20's hacking goes back to 2011, but researchers lost track of the group's operations in 2016-2017, when it changed its mode of operation.
Fox-IT's report documents what the group has been doing over the past two years and how. The hackers' modus operandi includes using web servers as the initial point of entry into a target's systems, with a particular focus on JBoss, an enterprise application platform often found in large corporate and government networks.
APT20 used vulnerabilities to gain access to these servers, install web shells, and then spread laterally through a victim's internal systems.
On the inside, the group is said to dump passwords and look for administrator accounts, in order to maximize their access. A primary concern was obtaining VPN credentials, so hackers could escalate access to more secure areas of a victim's infrastructure, or use the VPN accounts as more stable backdoors.
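Added here as an illustrative detection check, not taken from the Fox-IT report or from this article: a short Python script that scans web-server access log lines for requests to server-side scripts that are not part of the known deployment, which is the trace a web shell dropped on a JBoss application server tends to leave. The log format, the allowlist of deployed scripts and the sample log lines are all constructed assumptions.

```python
import re
from collections import defaultdict

# Assumed: Apache/JBoss "common" access log format (sample lines constructed below).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) \S+" (?P<status>\d{3}) (?P<size>\S+)'
)

# Hypothetical baseline: the server-side scripts the deployment is known to serve.
KNOWN_SCRIPTS = {"/app/login.jsp", "/app/report.jsp"}
SCRIPT_EXT = (".jsp", ".jspx")


def parse(line):
    """Return the log fields as a dict, or None if the line does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_unknown_scripts(lines, known=KNOWN_SCRIPTS):
    """Map each script path outside the baseline to a summary of who hit it.

    A script that is not in the deployment baseline yet answers 200, especially to
    repeated POSTs from a single client, is the pattern a dropped web shell leaves.
    Paths that never returned 200 are ignored (probes for files that do not exist).
    """
    hits = defaultdict(lambda: {"clients": set(), "post": 0, "ok": 0})
    for line in lines:
        r = parse(line)
        if r is None:
            continue
        path = r["path"].split("?", 1)[0]  # drop the query string
        if not path.lower().endswith(SCRIPT_EXT) or path in known:
            continue
        h = hits[path]
        h["clients"].add(r["ip"])
        if r["method"] == "POST":
            h["post"] += 1
        if r["status"] == "200":
            h["ok"] += 1
    return {p: {"clients": sorted(v["clients"]), "post": v["post"], "ok": v["ok"]}
            for p, v in hits.items() if v["ok"] > 0}


# Constructed sample log: normal traffic plus POSTs to a script nobody deployed.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Dec/2019:10:01:02 +0000] "GET /app/login.jsp HTTP/1.1" 200 1532',
    '203.0.113.7 - - [10/Dec/2019:10:01:09 +0000] "POST /app/login.jsp HTTP/1.1" 302 0',
    '198.51.100.23 - - [10/Dec/2019:11:14:55 +0000] "GET /app/css/site.css HTTP/1.1" 200 8120',
    '198.51.100.23 - - [10/Dec/2019:11:15:03 +0000] "POST /app/images/upload.jsp HTTP/1.1" 200 412',
    '198.51.100.23 - - [10/Dec/2019:11:15:41 +0000] "POST /app/images/upload.jsp HTTP/1.1" 200 9870',
    '203.0.113.7 - - [10/Dec/2019:11:20:00 +0000] "GET /app/report.jsp HTTP/1.1" 200 22000',
    '192.0.2.5 - - [10/Dec/2019:11:30:00 +0000] "GET /app/old.jsp HTTP/1.1" 404 210',
]

if __name__ == "__main__":
    for path, info in find_unknown_scripts(SAMPLE_LOG).items():
        print(f"unknown script {path}: {info}")
```

On the sample above only `/app/images/upload.jsp` is reported; the 404 probe for `/app/old.jsp` is dropped because it never returned 200.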
Fox-IT said that despite what appears to be a very prodigious hacking activity over the past two years, "overall the actor has been able to stay under the radar."