
Chinese hackers allegedly bypassed 2-factor authentication, claims report

Security researchers have discovered that a hacker group has been bypassing 2FA (two-factor authentication). The group, known as APT20, has ties to the Chinese government and has been targeting other government entities. The Dutch security firm Fox-IT discovered the attacks and published a report on them.

The hacker group’s activities date back to 2011; however, the report states that security researchers lost track of APT20 once it changed its modus operandi. Only in the last two years has Fox-IT been able to work out what the group has been up to. The group had allegedly been infiltrating its targets by first singling out a vulnerable machine on the target network. It would then install web shells on that machine and start looking for administrator passwords. What stood out to the researchers was the fact that APT20 was able to connect to VPNs protected by 2FA.

Fox-IT notes that it isn’t sure how APT20 managed to bypass 2FA on those VPN accounts, but it does offer a hypothesis. “The software token is generated for a specific system, but of course this system-specific value could easily be retrieved by the actor when having access to the system of the victim.

As it turns out, the actor does not actually need to go through the trouble of obtaining the victim's system specific value, because this specific value is only checked when importing the SecurID Token Seed, and has no relation to the seed used to generate actual 2-factor tokens. This means the actor can actually simply patch the check which verifies if the imported soft token was generated for this system, and does not need to bother with stealing the system specific value at all.

In short, all the actor has to do to make use of the 2-factor authentication codes is to steal an RSA SecurID Software Token and to patch 1 instruction, which results in the generation of valid tokens.”
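The design weakness the quoted passage describes, as an added toy model that is neither Fox-IT's code nor anything from RSA SecurID: design A has a device-ID check that merely gates a cleartext seed, design B wraps the seed under a key derived from the device value, so there is no separate check to remove. Token generation here is plain RFC 4226 HOTP, and the seed, host names and key derivation are constructed placeholders; the real SecurID algorithm and token file format are not modelled.

```python
import hashlib, hmac, struct
SEED = bytes(range(20))  # constructed demo seed, not a real SecurID seed

def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 dynamic truncation of HMAC-SHA1(seed, counter)."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF) % 10 ** digits
    return f"{code:0{digits}d}"

# Design A (the pattern the report describes): the device ID sits beside a
# cleartext seed and is compared only at import; the seed never depends on it.
def import_gated(token_file: dict, device_id: str, enforce: bool = True) -> bytes:
    if enforce and token_file["bound_to"] != device_id:  # the single check
        raise ValueError("token not issued for this device")
    return token_file["seed"]

# Design B: the seed is wrapped under a key derived from the device ID, so a
# wrong device value yields a different seed rather than a check to skip.
def _kek(device_id: str) -> bytes:
    return hashlib.sha256(b"demo-device-binding|" + device_id.encode()).digest()
def _keystream(kek: bytes, n: int) -> bytes:
    return hashlib.sha256(kek + b"|keystream").digest()[:n]

def wrap_seed(seed: bytes, device_id: str) -> dict:
    kek = _kek(device_id)
    ct = bytes(a ^ b for a, b in zip(seed, _keystream(kek, len(seed))))
    return {"ct": ct, "tag": hmac.new(kek, ct, hashlib.sha256).digest()}

def import_bound(token_file: dict, device_id: str, enforce: bool = True) -> bytes:
    kek, ct = _kek(device_id), token_file["ct"]
    tag = hmac.new(kek, ct, hashlib.sha256).digest()
    if enforce and not hmac.compare_digest(tag, token_file["tag"]):
        raise ValueError("token not issued for this device")
    return bytes(a ^ b for a, b in zip(ct, _keystream(kek, len(ct))))

def compare_designs(counter: int = 7) -> dict:
    """Per design: does the check block a copied token, and do codes still match once it is off?"""
    out, want = {}, hotp(SEED, counter)
    for name, importer, token in (
        ("gated", import_gated, {"seed": SEED, "bound_to": "victim-host"}),
        ("bound", import_bound, wrap_seed(SEED, "victim-host")),
    ):
        try:
            importer(token, "attacker-host")
            out[name + "_check_blocks"] = False
        except ValueError:
            out[name + "_check_blocks"] = True
        code = hotp(importer(token, "attacker-host", False), counter)
        out[name + "_unchecked_matches"] = code == want
    return out
```

With the check disabled, design A still yields the issuing host's codes, while design B yields codes for an unrelated seed; the lesson is that a client-side check that only gates a secret is not a binding.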

While the hacker group focused only on infiltrating government institutions, what is rather worrying is that it found a way to circumvent two-factor authentication, currently one of the most secure ways of keeping an account safe. The report does not state whether the fundamental nature of 2FA has been violated, or whether it was only a weak link in the overall authentication chain that allowed the hackers to pull this off.



from Latest Technology News https://ift.tt/2ZkAxWa
