Report: APT20, a Chinese government-linked hacking group, has bypassed key fob-enabled 2FA in recent attacks on government orgs and managed service providers (Catalin Cimpanu / ZDNet)
Hacking is a huge business. Hackers make millions of dollars annually by breaking into systems and stealing data from other companies. In a world of sophisticated cyberattacks, it is difficult to identify a hack when it happens. Organizations need help to detect or take immediate action against a breach. But that’s not the case anymore. Hackers today can bypass most authentication methods, including two-factor authentication (2FA) using key fobs. Hackers can access two-factor authentication tokens with a malicious script or phishing email. These attacks are becoming more common, and the results can devastate organizations. The recently discovered Advanced Persistent Threat 20 (APT20) group has used this method to hack organizations across the globe, including the Pentagon, the White House and the U.S. Department of State. Hackers can also use fake key fobs to get unauthorized access to computers and networks.
What is APT20, a Chinese government-linked hacking group?
APT20, a Chinese government-linked hacking group, is behind the cyberattack, according to cybersecurity firm Mandiant, which discovered a trove of stolen data earlier this month. The hackers stole information from over two dozen organizations worldwide, including government agencies, media companies, a leading French oil company and a U.S. law firm, and then posted the documents online. The leak contained confidential information from 141 accounts and some 2.5 terabytes of data, according to Mandiant.
How APT20, has bypassed key fob-enabled 2FA in recent attacks on government organs and managed service providers?
APT20 is the name given to a group of hackers targeting the U.S. military, U.S. government, diplomatic facilities, energy, financial and technology firms in the past year. Some high-profile targets included the Office of Personnel Management (OPM), a U.S. government human resources management agency, the National Nuclear Security Administration (NNSA) and the U.S. Energy Department. Two-factor authentication (2FA) is a common security feature to protect online accounts from unauthorized access. But some hacking groups, such as Advanced Persistent Threat (APT) 20, can bypass 2FA, using stolen data from previous breaches to obtain a digital certificate needed to log into the victim’s account.
How does APT20 bypass 2FA?
APT20 is a company that sells access tokens that can be used to log into a website and bypass two-factor authentication (2FA). They also offer passes that can be used to log into various apps. The company claims it doesn’t store user information, and its tokens do not support logging in to sites or apps requiring multifactor authentication. As of July 2017, online banking customers’ most common 2FA authentication method was SMS (or text) codes. However, APT20 had developed a way around that system by modifying the code with extra characters that caused banks to accept the same code multiple times and provide access to accounts.
Conclusion
In conclusion, In a recent report, The Dark Reading security team discovered that Chinese government-affiliated cyber threat actor APT20 bypassed the two-factor authentication (2FA) in its latest campaigns by exploiting an unpatched vulnerability in an application used by organizations to manage remote access to mobile devices. This flaw could allow attackers to compromise users’ accounts through a compromised machine like a laptop. Users who use Microsoft Active Directory (AD) to manage access to their mobile devices are potentially at risk. In addition to the basic 2FA factor of a password, companies should adopt multifactor authentication (MFA) for better security of their systems and networks. MFA adds an extra layer of protection when users log in to their accounts.
FAQs
1. What is 2FA?
Two Factor Authentication (2FA) is an authentication method where a user must use two factors to authenticate their account.
2. What is the difference between 2FA and multifactor authentication?
With 2FA, you must use something you have, such as a mobile phone or a physical token like a USB drive or smart card.
3. Why is 2FA important?
It’s important because hackers can’t use stolen passwords to access your accounts.
4. How does a hacker get into my computer?
A hacker can get into your computer by using malware or by phishing.