Chinese hackers bypass 2FA

A Chinese hacking group has been able to successfully target Western government entities by bypassing Two-Factor Authentication protections.

According to Dutch cybersecurity company Fox-IT, the hackers were able to remain undetected in compromised systems precisely because they exploited security tools already present on them.

Exploited software

Fox-IT made the claims after a two-year investigation into compromised systems, and released a whitepaper identifying the hackers’ activities and methods.

The key actor was identified as the APT20 hacking group, which is claimed to have worked under the authority of the Chinese government for nearly ten years. The group targets government agencies and Managed Service Providers (MSPs) by exploiting vulnerabilities in web servers to access networks.

From there, they can install web shells to facilitate moving through the IT networks, focusing on enterprise application platforms. The hackers also targeted user workstations with administrator privileges, as well as password vaults.

The most surprising finding was that Two-Factor Authentication (2FA) protocols could be bypassed in vulnerable systems, with the hackers able to generate their own software tokens for access within exploited software.

Fox-IT reports that the easiest way to defend against such attacks is by robust use of segmentation, as well as leveraging Microsoft’s Enhanced Security Administrative Environment (ESAE) for greater security.

Via ZDnet

Brian has over 30 years publishing experience as a writer and editor across a range of computing, technology, and marketing titles. He has been interviewed multiple times for the BBC and been a speaker at international conferences. His specialty on techradar is Software as a Service (SaaS) applications, covering everything from office suites to IT service tools. He is also a science fiction and fantasy author, published as Brian G Turner.
