A Chinese hacking group has been able to successfully target Western government entities by bypassing Two-Factor Authentication protections.
According to the Dutch cybersecurity company Fox-IT, the hackers were able to remain undetected in compromised systems precisely because they abused legitimate security tools already present on those systems.
Fox-IT made the claims after a two-year investigation into compromised systems, published as a whitepaper that identifies the hackers’ activities and methods.
The key actor was identified as the APT20 hacking group, which is claimed to have worked under the authority of the Chinese government for nearly ten years. The group targets government agencies and Managed Service Providers (MSPs), exploiting vulnerabilities in web servers to gain access to their networks.
From there, the attackers install web shells to facilitate moving through the IT networks, focusing on enterprise application platforms. They also targeted user workstations with administrator privileges, as well as password vaults.
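A web shell dropped on a compromised web server shows up in the server's own access logs as request traffic to a script path the application never shipped with, typically POST requests from a small number of sources. The following Python script, added here as an illustration and not part of the article or of Fox-IT's report, runs that check over a handful of constructed combined-format log lines: it parses each line, skips anything that is not a server-side script, ignores scripts in a hypothetical known inventory (`KNOWN_SCRIPTS`), and reports the remaining script paths that receive POSTs together with the source addresses. The log lines, IP addresses, and the `/uploads/cache.php` path are all constructed sample data.

```python
import re
from collections import defaultdict

# Constructed sample of combined-format web server access log lines (not from the article).
# The first three lines are ordinary traffic; the last three show repeated POST requests
# to a script that is not part of the deployed application, the pattern a web shell produces.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Dec/2019:08:01:12 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.6 - - [10/Dec/2019:08:02:44 +0000] "POST /login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
10.0.0.5 - - [10/Dec/2019:08:03:01 +0000] "GET /images/logo.png HTTP/1.1" 200 884 "-" "Mozilla/5.0"
203.0.113.77 - - [10/Dec/2019:08:10:09 +0000] "POST /uploads/cache.php HTTP/1.1" 200 312 "-" "python-requests/2.22"
203.0.113.77 - - [10/Dec/2019:08:10:15 +0000] "POST /uploads/cache.php HTTP/1.1" 200 944 "-" "python-requests/2.22"
203.0.113.77 - - [10/Dec/2019:08:10:21 +0000] "POST /uploads/cache.php HTTP/1.1" 200 2210 "-" "python-requests/2.22"
"""

# Hypothetical inventory of the server-side scripts the application actually deploys.
# In practice this would come from the release manifest or a file-integrity baseline.
KNOWN_SCRIPTS = {"/index.php", "/login.php"}

# Extensions that are executed server-side; requests for anything else are ignored.
SCRIPT_EXTENSIONS = (".php", ".aspx", ".asp", ".jsp", ".cfm")

# Combined log format: ip ident user [timestamp] "METHOD path proto" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "[^"]*" "(?P<ua>[^"]*)"'
)


def parse_line(line):
    """Parse one access log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["path"] = rec["path"].split("?", 1)[0]  # drop any query string
    return rec


def find_webshell_candidates(log_text, known_scripts=KNOWN_SCRIPTS):
    """Return {path: {"posts": count, "sources": set_of_ips}} for script paths that are
    absent from the known inventory and receive POST requests."""
    hits = defaultdict(lambda: {"posts": 0, "sources": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        path = rec["path"]
        if not path.lower().endswith(SCRIPT_EXTENSIONS):
            continue  # static content, not a server-side script
        if path in known_scripts:
            continue  # part of the deployed application
        if rec["method"] == "POST":
            hits[path]["posts"] += 1
            hits[path]["sources"].add(rec["ip"])
    return dict(hits)


if __name__ == "__main__":
    for path, info in find_webshell_candidates(SAMPLE_LOG).items():
        print(f"{path}: {info['posts']} POST requests from {sorted(info['sources'])}")
```

The inventory check is what makes the rule useful: a POST to a script the application legitimately deploys (the login form above) is normal, while POSTs to a script that nobody deployed are worth a look regardless of the response code, since a working web shell answers 200 just like the real application does.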
The most surprising finding was that Two-Factor Authentication (2FA) protocols could be bypassed in vulnerable systems, with the hackers able to generate their own software tokens for access within exploited software.
Fox-IT reports that the easiest way to defend against such attacks is robust use of segmentation, together with Microsoft’s Enhanced Security Administrative Environment (ESAE) for greater protection of administrative access.
Via ZDnet