Chinese hackers succeed in bypassing the two-stage validation system to penetrate several institutions in different countries

The “Two-factor Authentication” feature is something that many corporate users recommend. This is because this feature is considered safer compared to using the username and password because an additional code is created after writing the username and password and it is sent via text message to the user's phone to make sure that he is really the one who wants to log into his account instead of someone else who has the name Correct user and correct password.

However, according to a report by the ZDNet website, it appears that Chinese hackers known as the APT20 seem to have bypassed the two-stage authentication feature as they were able to penetrate different systems in up to 10 countries.

According to Fox-IT, an IT security company, she stated: “We identified victims of this group in 10 countries where the attacks included government institutions, management service providers, and a wide range of industries, including energy, healthcare, and high-tech.” The affected countries included Brazil, China, France, Germany, Italy, Mexico, Portugal, Spain, the United Kingdom, and the United States.

However, it is unclear how this group managed to bypass the two-stage validation system. Bypassing this protection system is completely unknown, but it's a fairly sophisticated attack, and Fox-IT believes it was done through legitimate channels like VPN.