Even Two-Factor Authentication Couldn't Stop Chinese Hackers

Dhir Acharya
The Chinese hacking group, called APT20, targeted over 10 countries across the globe in recent attacks. The US was among the countries attacked.

A hacking group from China that’s believed to work for the Beijing government has learned to bypass two-factor authentication in attacks aimed at industry and government targets, according to a Monday report on the hackers from ZDNet.

The group in question is called APT20. By figuring out a way to compromise VPN credentials, the hackers managed to obtain higher levels of access on their victims’ networks, according to a report from Fox-IT, a Dutch cyber-security company, cited by ZDNet.

Attempts to bypass two-factor authentication are nothing new, but doing so requires such sophistication that this kind of attack is quite rare. It remains unclear how the group succeeded, but there’s one theory reported by ZDNet:

According to Fox-IT, the group might have developed the bypass technique themselves. APT20 successfully stayed off the radar by using legitimate channels like VPN access as they carried out the attacks.

The report says that the group’s victims span multiple countries and include government entities, service providers and companies in various industries, among them High-Tech, Health Care, and Energy. Over ten countries were targeted in these attacks, including the US, the UK, Spain, Portugal, Mexico, Italy, Germany, France, China, and Brazil.

Once the group has acquired initial access, they move laterally by deploying custom backdoors on several servers, according to the researchers. From there, they begin to collect the sensitive data they want, or more credentials to help elevate their access. When they’re done, they delete their tools and the compressed files they created for data extraction, to hinder forensic investigations.