Fox-IT say they found evidence that a group known as APT20, believed to operate at the behest of the Beijing government, has been bypassing RSA two-factor authentication in a recent wave of attacks. “We have identified victims of this actor in 10 countries, in government entities, managed service providers and across a wide variety of industries, including Energy, Health Care and High-Tech,” its report states.
The investigation asserts that the attackers “stole” the SecurID Software Token and so managed to generate the one-time codes and access the VPN connections with impunity. This reinforces the US NIST Digital Identity Guidelines' placement of OTPs like SecurID in the lowest Assurance Level.
A disappointing result for Dell’s flagship authentication product.
Of course, such an attack can never happen with CASQUE, which fulfils the highest NIST Assurance Level and is certified by NCSC as suitable for Secret.