Chinese hackers get around double authentication

A group of Chinese called APT 20, known by the media as being linked to the Chinese government, specializes in hacking of public institutions and industrial enterprises.

They are considered to be very effective in taking control of service providers. And now we're discovering a new string to their bow. It would be able to bypass the famous dual-factor authentication.

This article will also interest you: APT41, a group of Chinese pirates discovered

For some time now, security experts have been announced that there is a Successful Chinese Group where was able to circumvent the security offered by dual authentication factor. during a wave of attacks that took place during the year. "These attacks are attributed to the APT20 group, tracked down by the cybersecurity, and which would operate on the orders of the Chinese government. According to the Dutch IT security company, Fox-IT in its report published the week before.

The hacker group has mainly targeted institutions government, service providers in a number of areas, such as health, aviation, finance, energy, insurance, and even the bets.

According to the computer security company, hackers Chinese have been very active in recent years. we can go back to 2011 with the first shot of hacking of the group. however around 2016 and 2017, cybercriminals stopped making of them, surely with a view to changing the modus operandi. It is surely the last two years, that is, 2018 and 2019 that these groups pirates have been genuinely active on different bases. The Dutch company cybersecurity says APT 20 is using the web server as soon as they have gained access to their targets' systems. The illustration was given with the attack of the platform referred to as JBoss, which is widely adored by networks of governments and private companies. "APT20 has exploited vulnerabilities to access servers, then installed web shells, and then spread laterally into the target's internal system," Fox-IT noted. Once their intrusion was successful, the Chinese hackers automatically seized the passwords and other identifiers needed to be able to easily access the system and take over user accounts. in short he just wanted recover the identifiers that access to the VPN. In this way, it would be easy for them to have access to fairly secure and impregnable parts of their infrastructure victims, in "stay off the radar." To succeed in this masterstroke, they preferred to use software already installed on the various terminals that he had managed to hack, instead of viruses that they could have conceived themselves, because it would be risky and it could have been done detect.

but in all this what it must be remembered and what seems really essential is that this group of hackers has indeed succeeded bypass multi-factor authentication. According to the company Dutch computer security, there would be evidence that hackers Chinese had managed to log into VPN accounts that were secured by the family multiple authentication.

According to the Fox-IT theory, APT 20 stole a software token from which single-validity code could be generated, to help them exceed the security measures required by dual-factor authentication. If in principle it is impossible to do so to circumvent the dual authentication, foxit tries to explain the reasons that legitimize the success of the Chinese hackers: "The token is generated for specific variables of the system, but obviously these variables can be recovered by the attacker when he has access to the victim's system. (…) In short, the attacker simply needs to steal a token from the RSA SecurID software and patch an instruction to generate valid tokens. »

Now access an unlimited number of passwords: