The Fox-IT report comes to fill in a gap in the group’s history. APT20’s hacking goes back to 2011, but researchers lost track of the group’s operations in 2016-2017, when they changed their mode of operation. Fox-IT’s report documents what the group has been doing over the past two years and how they’ve been doing it. According to researchers, the hackers used web servers as the initial point of entry into a target’s systems, with a particular focus on JBoss, an enterprise application platform often found in large corporate and government networks.
Security researchers say they found evidence that a Chinese government-linked hacking group has been bypassing two-factor authentication (2FA) in a recent wave of attacks. From a report: The attacks have been attributed to a group the cyber-security industry is tracking as APT20, believed to operate on the behest of the Beijing government, Dutch cyber-security firm Fox-IT said in a report published last week. The group’s primary targets were government entities and managed service providers (MSPs). The government entities and MSPs were active in fields like aviation, healthcare, finance, insurance, energy, and even something as niche as gambling and physical locks.