No matter how secure companies try to make their authentication methods, at the end of the day hackers seem to find a way to sneak in.
Many security experts and companies may have you believe that Two-Factor Authentication is one of the safest and most fool-proof methods of authentication. Security researchers, however, say they have found evidence that a Chinese government-linked hacking group has successfully bypassed Two-Factor Authentication (2FA) protections in a recent wave of attacks targeting Western government entities.
Hacking group linked to China
According to a report published last week by the Dutch cybersecurity firm Fox-IT, the attacks have been attributed to a group known as APT20, which is believed to operate at the behest of the Chinese government.
The report also claimed that the hackers' primary targets were government entities and managed service providers (MSPs). The targeted government entities and MSPs operate in fields such as aviation, healthcare, finance, insurance and energy, and even in niche fields such as gambling and physical locks.
Hackers remained undetected for a long time
The cybersecurity firm says the hackers remained undetected in the compromised systems because they were able to abuse legitimate security tools that were already present on those systems. Fox-IT published the report after a thorough two-year investigation into the compromised systems. The report, released as a white paper, identified the hackers' activities and methods.
The findings point to a key actor identified as the APT20 hacking group, a group that is claimed to have been working under the authority of the Chinese government for almost ten years.
Targets include government agencies, user workstations
The group would install web shells to facilitate movement through IT networks by exploiting vulnerabilities in the web servers of targeted government agencies and MSPs, with a focus on enterprise application platforms. The hackers also targeted user workstations with admin privileges, as well as password vaults.
However, the most crucial finding was that the group was able to bypass 2FA protections on the compromised systems and generate its own software tokens for access within the exploited software. Fox-IT also suggested ways to safeguard against such attacks and says that the easiest is robust use of segmentation.
However, despite what appears to be a very ingenious hacking activity over the past two years, Fox-IT claims that "overall the actor has been able to stay under the radar."