A group of hackers from China has found a way to bypass two-step verification, also known as two-factor authentication (2FA). According to reports from cybersecurity researchers at Fox-IT, the group is believed to operate under the auspices of the Chinese government.
The group, called APT20, is known for targeting organizations and government agencies, and is known to have operated in 10 major countries around the world. Fox-IT said that APT20's main targets were the industrial and government sectors, spread all over the world.
“We have identified victims spread across 10 countries consisting of the government sector, service providers and various other industries such as energy, health and technology,” explained Fox-IT. The 10 countries reported included Brazil, China, France, Germany, Italy, Mexico, Portugal, Spain, Britain and the United States.
As quoted from Gizmodo, Saturday (12/28/2012), APT20 allegedly stole RSA SecurID data from a hacked system. The stolen data is then used to generate valid access codes, which can be used to pass two-step verification.
For context, two-step verification, or two-factor authentication (2FA), is a security scheme that makes use of users' email addresses and telephone numbers. In short, two-step verification is an additional security layer that requires users to enter a series of codes when logging in to a particular account.
The code is usually sent to the user's mobile number. Fox-IT also reported that the group managed to stay under the radar of monitoring by relying on "official" channels through VPN access. APT20 also uses special backdoor access on several servers.
From there, the perpetrators can steal data from the victim's system. After completing the operation, APT20 deletes its existing illegal tools and files to erase its traces and avoid forensic investigation. Fox-IT was able to investigate the APT20 attack thanks to the results of an investigation from a company that was a victim of this hack.