The Russian hacker group Cozy Bear has made a name for itself around the globe: through a supply-chain attack it delivered a backdoor to roughly 18,000 public and private organizations by trojanizing a software update of the SolarWinds Orion network-management platform those organizations were running.
According to sources, specialists at the security firm Volexity say the group devised a clever method to sidestep the multi-factor authentication (MFA) protecting the organizations it had broken into.
After gaining access to the network, the attackers used the privileges they had obtained to read the Duo Security integration secret key, the ‘akey’, from the server it protected. The akey is a per-integration string generated by the customer's own application and never shared with Duo. With it, the attackers computed a valid value for the cookie that tells the server the second factor has already been completed (the ‘duo-sid’ cookie). Combined with the username and password they already held, this let them log in as the user with full access without ever answering an MFA prompt.
The technique is not specific to Duo Security: any MFA integration whose secret lives on the compromised server can be abused in the same way. Volexity stresses that this is not a vulnerability in the MFA provider but a consequence of the server breach, and that integration secrets such as the akey must be rotated after a compromise, since resetting user passwords alone does not invalidate cookies minted with the stolen key. US government agencies are also suspected to have been breached by the same Russian hackers.
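The mechanism described above, as an added illustration that is not part of the original article and not Duo's real code or cookie format: a hypothetical "remembered second factor" cookie signed with an application secret (called `akey` here, after Duo's term) that is stored on the protected server. The walk-through shows that an attacker who has stolen the akey and the user's password can mint a cookie the server accepts, that a password reset does not help, and that rotating the akey does. All names, the cookie layout and the sample credentials are constructed for the example.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Hypothetical MFA-integration cookie (constructed for this example; the real
# Duo cookie format is not reproduced here). After a successful second-factor
# prompt the web server signs {"user", "exp"} with the application secret
# (akey) and later logins presenting a valid cookie skip the MFA prompt.


def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _mac(akey: bytes, data: str) -> str:
    return hmac.new(akey, data.encode(), hashlib.sha256).hexdigest()


def issue_mfa_cookie(akey: bytes, username: str, now: int, ttl: int = 3600) -> str:
    """What the server does once the user has really completed MFA.
    Anyone holding akey can do exactly the same, which is the attack."""
    claims = json.dumps({"user": username, "exp": now + ttl}, separators=(",", ":"))
    payload = _b64e(claims.encode())
    return f"{payload}.{_mac(akey, payload)}"


def verify_mfa_cookie(akey: bytes, cookie: str, username: str, now: int) -> bool:
    """Server-side check: MAC must verify under the current akey, the cookie
    must belong to this user, and it must not be expired."""
    try:
        payload, tag = cookie.split(".", 1)
    except ValueError:
        return False
    if not hmac.compare_digest(tag, _mac(akey, payload)):
        return False
    try:
        claims = json.loads(_b64d(payload))
    except (ValueError, UnicodeDecodeError):
        return False
    return claims.get("user") == username and int(claims.get("exp", 0)) > now


def login(akey: bytes, password_db: dict, username: str, password: str,
          cookie: Optional[str], now: int) -> str:
    """Returns the server's decision: 'denied', 'mfa-prompt' or 'session'."""
    if password_db.get(username) != password:
        return "denied"
    if cookie is not None and verify_mfa_cookie(akey, cookie, username, now):
        return "session"  # second factor skipped: the cookie vouches for it
    return "mfa-prompt"


def attack_scenario() -> dict:
    """Replay the article's scenario on constructed data."""
    now = 1_700_000_000
    akey = b"server-side-application-secret"  # constructed; read off the breached server
    password_db = {"alice": "Summer2020!"}   # constructed; credentials already stolen
    forged = issue_mfa_cookie(akey, "alice", now)  # attacker mints the cookie with akey

    results = {}
    results["forged_cookie_accepted"] = login(akey, password_db, "alice", "Summer2020!", forged, now)
    results["wrong_password"] = login(akey, password_db, "alice", "guess", forged, now)

    # Resetting the password does nothing if the attacker learns the new one:
    # the forged cookie is still signed with the live akey.
    password_db["alice"] = "NewPassw0rd!"
    results["after_password_reset"] = login(akey, password_db, "alice", "NewPassw0rd!", forged, now)

    # A cookie whose MAC was not produced with akey is rejected.
    bad_mac = forged.split(".", 1)[0] + "." + "0" * 64
    results["bad_mac"] = login(akey, password_db, "alice", "NewPassw0rd!", bad_mac, now)

    # Rotating the integration secret invalidates every cookie minted with the old one.
    new_akey = b"rotated-application-secret"
    results["after_akey_rotation"] = login(new_akey, password_db, "alice", "NewPassw0rd!", forged, now)
    return results


if __name__ == "__main__":
    for step, outcome in attack_scenario().items():
        print(f"{step:24s} -> {outcome}")
```

The point of the walk-through is the order of the last two checks: the forged cookie survives a password reset and is only rejected once the akey itself is rotated, which is why integration secrets belong on the post-breach remediation list alongside user credentials.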
Volexity says it dealt with the same attackers in late 2019 and mid-2020, when they broke into a think tank multiple times. The firm believes the attackers were able to remain undetected in the think tank's environment for a long time.
In recent reports, both the Washington Post and the New York Times have quoted government officials saying the group behind the hacks is known as both APT29 and Cozy Bear, an advanced persistent threat group believed to be part of Russia's Foreign Intelligence Service (SVR).