Dutch security firm Fox-IT report, Chinese hackers APT20 be found in the recent attacks can bypass two-step verification . The main objectives of the organization are government agencies and managed service providers. Security researchers said hackers using a web server as the target system into the initial entry point, a goal is to take advantage of large enterprises and government agencies commonly used in enterprise-class application platform JBoss.
APT20 exploit to access the web server, install web shells, then gradually penetrate into the system. After the hacker will look for an administrator account, as well as for external network access from within the network VPN account.
Security researchers found that hackers can bypass the two-step authentication VPN account to use, they may be hackers to guess the RSA SecurID software token, use it to generate valid one-time code.
