In a recent series of attacks, security researchers claim they have found indications that a hacking group linked to the Chinese government has been going around two-factor authentication (2FA). The attacks have been attributed to a group known as APT20, which is thought to operate at the behest of Beijing per a report from Dutch cybersecurity firm Fox-IT, ZDNet reported.
The report from Fox-IT details a gap in the history of the group. While its hacking reportedly dates back to 2011, researchers lost track of its operations in 2016-17, before starting to track the group again in 2018. The company’s report indicates what the group has been up to during the past two years.
The hackers reportedly tapped into web servers as the first point of entry into the systems of a target. It had a focus on JBoss, in particular, which is an enterprise application platform typically found in use by governments as well as corporate networks.
APT20 reportedly utilized the flaws to vulnerabilities to get into the servers, put web shells into place, and spread laterally.
The primary targets of the group were managed service providers (MSPs) and government entities. The MSPs, as well as government entities, were active in fields such as healthcare, aviation, insurance, finance, energy, physical locks, and gambling.
In separate news, Czech cybersecurity company Avast was hacked by an outside actor suspected to have ties to China.
According to reports, both Czech counterintelligence service BIS and Avast detected an attack on the company. Avast said it first found suspicious activity on its network on Sept. 23. The company involved the BIS in addition to Czech law enforcement authorities, with the inclusion of a forensics team.
“Everything from data analysis so far suggests that the attack came from China, with the intention to take control of the popular optimization tool CCleaner, and through that also users’ computers,” BIS said in a statement per reports at the time.