Electronic SecurityNews

China Backed Hacker Group APT20 Successfully Breach 2FA Security Mechanism

Some firms often recommend Two-factor authentication (2FA) as an extra layer of security. It’s supposedly perfect as one a part of the puzzle is always with the user, making it tough for anyone remotely to enter a system.

While there are ways to bypass 2FA, it is somewhat tough. A hacking organization reportedly backed by the Chinese government has efficiently managed to breach 2FA in a sophisticated way.

Based on a report by Dutch cyber-security agency Fox-IT, hackers from APT20 targetted government and private individuals in over ten international locations including Brazil, France, China, Italy, Germany, Mexico, Portugal, Spain, the U.K., and the U.S. Aviation, healthcare, finance, insurance, and energy firms have been the primary targets of the hack, which came to light when one of many affected firms contacted Fox-it.

The RSA SecurID authentication algorithm consists of a hardware or software “token”. APT20 successfully managed to compromise one such RSA SecurID software program token and then used it to generate legit software keys at will. These tokens are virtually ineffective without accompanying hardware; however, the hackers discovered a way around that too.

Because of this, APT20 might now freely log in to company VPNs, additional establishing their presence in a network.

While the prospect of 2FA being breached is a terrifying one, there is no purpose of ceasing using it. It’s arguably one of the robust types of security available today and can continue to be until companies determine how to add a 3rd authenticating factor.


Carlton Peterson

Carlton is the contributing author of electronic security. His field of communication is fascinating since he writes about that side of the industry which is costly, less used but more inclined upon by developed countries. Electronic securities have been seeing an upward graph nowadays, but the current scenario still needs to be changed. Carlton’s articles reflect the real happening wrapped up in formally written words.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *