China is known to sponsor several hacking collectives. APT20, a very active community of criminals, wasn’t officially linked to any country until now.
New research by Fox-IT seems to indicate APT20 is working on behalf of the Chinese government.
APT20 may be a Government Initiative
More specifically, the security agency looked at victims across different countries.
The attack method and purpose are often the exact same across all cases.
APT20 members steal passwords and bypass 2FA measures, among other things.
Based on the patterns used, as well as the deployed toolkits, there appears to be some hint of a government-funded operation.
Interestingly enough, most of this collective’s attacks are achieved through access via legitimate channels.
All of their traces are masked once a job is done.
That latter aspect makes it very difficult to determine who this group is and where they operate from.
Why this would point a finger of blame at China is not entirely clear.
The country is well-known for actively sponsoring major hacking groups through financial means and otherwise.
Considering how complex the tools used by APT20 are, there is some concern these would only be obtained through government channels.
For now, the group remains very active and all corporations need to be aware of their presence.
Taking the necessary countermeasures is more crucial than it has ever been before.