Many analysts have long believed that the Chinese government is linked to hacking attempts. This has now been borne out: security researchers have found strong evidence that hacking groups linked to the Chinese government were involved in a recent wave of attacks in which the attackers bypassed 2FA (two-factor authentication). The group is known as APT20, and it is believed to have the support of the Chinese government. The findings were published in a report by Fox-IT, a Dutch cyber security firm.
What is the "report apt20 chinese 2facimpanuzdnet" query about?
According to the report, the group's targets have mainly been government entities and managed service providers. These organisations are usually active in domains such as finance, aviation, healthcare, energy, insurance and physical locks. In an article on ZDNet, Catalin Cimpanu shared further insights into the report: APT20's hacking activity can be traced back to 2011, and in 2016-2017 the group changed its mode of operation. The report also describes the group's activity over the last two years and how it planned these cyber attacks.
The analysts say the hackers used web servers as their point of entry into the network. APT20's primary focus has been JBoss, which is commonly used in government and large corporate networks; vulnerabilities in that platform were exploited to gain access to the web servers. With that access, APT20 installed web shells and spread across the internal network from there. To maximise their access, the group targeted administrator accounts, and VPN accounts were also used as backdoors into the network. Together, these gave the hackers access to the secure zone of the network. In short, the "report apt20 chinese 2facimpanuzdnet" story is that the Chinese state-sponsored group APT20 was caught red-handed.
The group is known for staying under the radar even across many intrusions. It managed this by relying on legitimate tools already installed on the compromised hosts: APT20 never downloaded its custom-built malware, since security scans could have detected it. What is more surprising is that the group was able to use VPN accounts that were protected by 2FA. It is possible that the group stole software tokens from a compromised system and used the stolen RSA token information to bypass two-factor authentication.
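A stolen software token lets the attacker pass 2FA on the VPN while the legitimate user keeps using the same account, so the two can show up in the VPN logs as successful MFA logins from unrelated networks close together in time. The following detector for that pattern is an added example, not code from the Fox-IT report or the ZDNet article; the log format, user names and addresses are constructed, and the /24 comparison and 30-minute window are assumptions to tune for a real environment.

```python
# Added example: flag VPN accounts that pass MFA from two different networks
# within a short window, the footprint a stolen software token leaves behind.
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress

# Constructed sample VPN authentication log (hypothetical syslog-like format).
SAMPLE_LOG = """\
2019-12-10T08:02:11Z vpn auth_ok user=jsmith src=203.0.113.7 mfa=securid
2019-12-10T08:15:40Z vpn auth_ok user=admin01 src=198.51.100.22 mfa=securid
2019-12-10T08:21:05Z vpn auth_ok user=admin01 src=192.0.2.45 mfa=securid
2019-12-10T09:00:00Z vpn auth_ok user=jsmith src=203.0.113.9 mfa=securid
2019-12-10T11:30:00Z vpn auth_fail user=admin01 src=192.0.2.45 mfa=securid
"""

def parse_line(line):
    """Split one log line into a dict: timestamp, event name and key=value fields."""
    ts, _, event, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "event": event, **kv}

def network_of(ip, prefix=24):
    """Coarse 'same network' test: collapse the source address to its /24 (assumed)."""
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)

def find_concurrent_sessions(log_text, window=timedelta(minutes=30)):
    """Return (user, src_a, src_b) for successful MFA logins by the same user
    from two different networks within `window` of each other."""
    logins = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev["event"] == "auth_ok":          # failed attempts are not sessions
            logins[ev["user"]].append(ev)
    alerts = []
    for user, events in logins.items():
        events.sort(key=lambda e: e["ts"])
        for i, a in enumerate(events):
            for b in events[i + 1:]:
                if b["ts"] - a["ts"] > window:  # later events are even further apart
                    break
                if network_of(a["src"]) != network_of(b["src"]):
                    alerts.append((user, a["src"], b["src"]))
    return alerts

if __name__ == "__main__":
    for user, a, b in find_concurrent_sessions(SAMPLE_LOG):
        print(f"ALERT: {user} passed MFA from {a} and {b} within 30 minutes")
```

On the sample log only admin01 is flagged: jsmith's two logins are almost an hour apart and from the same /24, and the failed attempt is ignored.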