Dutch cybersecurity firm Fox-IT said in a report that a hacker group associated with the Chinese government has been bypassing two-factor authentication (2FA) in a recent series of attacks.
The chief target of the recent attacks by APT20 group, which is believed to operate at the behest of China's government, were government entities and managed service providers in fields including aviation, healthcare, finance, insurance, and energy. The Fox-IT analysts said the group used Web servers as the initial point of intrusion, with special emphasis on the JBoss enterprise application platform often found in large corporate and government networks.
The analysts determined the hackers linked to virtual private networks shielded by 2FA, theoretically by stealing an RSA SecurID software token from a hacked system, then using the token on its computers to produce valid one-time codes and bypass 2FA at will.
View Full Article
Abstracts Copyright © 2019 SmithBucklin, Washington, DC, USA
No entries found