Bypassing of two-factor authentication
Date of report
  • December 2019
  • APT 20
A China-aligned attacker bypassed virtual private network (VPN) accounts protected by two-factor authentication to attack governments and managed service providers in a multitude of industries.
Suspected victims
  • Governments and managed service providers in the U.S., Brazil, China, France, Germany, Italy, Mexico, Portugal, Spain, and the United Kingdom
Suspected state sponsor
  • China
Type of incident
  • Espionage
Target category
  • Government
  • Private sector