2-step verification is an extra security measure that an application uses when connecting to a service or a device. But the 2-step authentication was avoided by a group of hackers from China known as APT20. The government, industries, and various corporations across the world are concerned about the issue. This is disturbing news for the world of cybersecurity. APT 20, a criminal hacking organization from China was able to avoid the important 2-step verification, that is used as a safety precaution by vast services on the internet such as Google, Whatsapp, Instagram, etc. But above all this, this issue is a major concern for banking institutions that rely on internet services for their conduct.
The APT20 group was caught avoiding the 2-step Verification:
After successfully breaking the verification process, APT20 was able to get access to some government agencies, corporate databases, and servers of various industries. The activity was discovered by Fox-It, a Dutch security specialist, when it received a complaint from one of the victims and upon investigation, it was able to identify the criminal group responsible for the attack. The corporations hit by the attack are spread over 10 nations and different sectors, some of which include Germany, Britain, France, the US, and China. The sectors affected are flight, architecture, banking, power, security, transportation, HR services, etc. The attack, however, doesn't affect the general public, as it focuses much on the corporations.
What is a 2-step verification?
Today, 2-step verification has become an official security order and is used worldwide by the users as an assurance of security (even if the users are unaware, their systems rely on this method). The safety method comes along with an extension to the typical login-password credentials process. 2-step verification operates when the user enters his credentials while logging into a device, following which he is sent a temporary code.
The 2-step verification asks the user a temporary code that he has to enter while logging in to the device. For instance, Google systems like Gmail retrieves the user back to his device for confirming the identity. Only after making sure that the user is authenticated and not a fraud, he is allowed access into the specified device. After filling in the code, the user verifies his identification to the system.