Chinese hackers find an easy way to crack two-factor authentication system

Fox-IT, a cyber security company, has published a report on the activities of the hacker group APT20. Judging by its characteristic way of operating, the group is believed to be Chinese and to work in conjunction with the authorities. Recently, APT20 members had to be expelled from the servers of one corporation, which they had penetrated by deceiving a two-factor authentication (2FA) system.

APT20 is an extremely cautious and secretive organization. The last time it made itself felt was in 2011, and for a long time it was considered "lost", retired. Instead, as it turned out, the enterprising Chinese were preparing to hack a two-factor authentication system in order to keep providing themselves with comfortable penetration into other people's networks. This is their professional hallmark: they introduce no additional software of their own and use only standard tools, so as not to attract attention.

Regarding the 2FA hack, experts said the following. Apparently, the hackers managed to steal the RSA SecurID token from the system of interest to them, and based on it they forged only one access key. It turned out that neither physical access to the system nor its unique digital signature was needed in order to generate the necessary access codes. If there is no intention to import the RSA SecurID core and produce access keys from different places, then the check is limited to the character area of the key, which is exactly the part that APT20 successfully faked.

This can hardly be called a vulnerability, because during the investigation the experts concluded that someone had handed the original token to the hackers. Or the hackers stole it themselves; either way, if you already hold part of the key to the lock, breaking in becomes much easier. This is not a reason to abandon such protection. The actions of APT20 were blocked, and the corporation was asked not to discuss the damage caused by the hackers.
