
Russian Hackers Bypass 2FA Using App Password Exploits


The 2FA Bypass Epidemic: How App Passwords Became the Weak Link

Security researchers have uncovered a disturbing trend in enterprise breaches: Russian cybercriminals are systematically bypassing two-factor authentication (2FA) protections by exploiting a legitimate feature found in many business applications: app passwords.

The App Password Exploit

Many services, including Microsoft 365, Google Workspace, and Slack, offer 'app passwords': temporary credentials that allow legacy applications to access accounts without 2FA prompts. Attackers are now:

  1. Using sophisticated phishing to trick employees into generating these passwords
  2. Mimicking IT department communications with urgent update requests
  3. Leveraging the app passwords for persistent access even after credentials change

Technical Execution

The attack chain begins with meticulously crafted emails appearing to come from internal IT teams, requesting users to generate app passwords for 'security updates'. Once created, these passwords grant attackers the same access level as the victim, completely bypassing SMS or authenticator app-based 2FA.

The North Korean Connection

In a parallel development, cybersecurity firms have identified North Korean state-sponsored groups (Lazarus Group) distributing trojanized Zoom applications containing:

  • Malicious scripts buried 10,000+ lines deep in code
  • Meeting hijacking capabilities
  • Cryptocurrency wallet drainers

The malware specifically targets financial sector employees, intercepting Zoom calls about transactions to redirect funds.

Defense Recommendations

  1. Disable app passwords where possible
  2. Implement conditional access policies
  3. Educate employees about app password risks
  4. Monitor for unusual app password generation
  5. Use hardware security keys for critical systems
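Recommendation 4 can be turned into a concrete check. The following is an added example (not code from the article or from any of the vendors named) that runs over a constructed audit trail and flags the two patterns the article describes: an app password generated from a source IP the user has never used for an interactive, 2FA-protected login, and an app password still authenticating after the user's password was reset. The event names, user names and IPs are assumptions for this example, not a real vendor log format.

```python
from datetime import datetime

# Constructed audit events for this example (not a real vendor log format).
# Event names and IPs are assumptions; field order: timestamp, user, event, source IP.
EVENTS = [
    ("2024-05-01T08:02:00", "alice", "interactive_login", "203.0.113.10"),
    ("2024-05-01T08:05:00", "alice", "app_password_created", "203.0.113.10"),
    ("2024-05-01T09:10:00", "bob", "interactive_login", "203.0.113.20"),
    ("2024-05-01T09:12:00", "bob", "app_password_created", "198.51.100.7"),
    ("2024-05-02T10:00:00", "bob", "password_reset", "203.0.113.20"),
    ("2024-05-02T11:30:00", "bob", "app_password_login", "198.51.100.7"),
]


def find_suspicious_app_passwords(events):
    """Flag two patterns from the article:
    1. an app password created from a source IP that the user has never used for
       an interactive (2FA-protected) login;
    2. an app password still authenticating after the user's password was reset,
       i.e. the persistence after a credential change that the attackers rely on.
    Returns a list of (user, reason, timestamp) alerts in chronological order."""
    known_ips = {}   # user -> set of IPs seen in interactive logins
    last_reset = {}  # user -> datetime of the most recent password reset
    alerts = []
    # ISO-8601 timestamps sort correctly as strings
    for ts, user, event, ip in sorted(events, key=lambda e: e[0]):
        when = datetime.fromisoformat(ts)
        if event == "interactive_login":
            known_ips.setdefault(user, set()).add(ip)
        elif event == "password_reset":
            last_reset[user] = when
        elif event == "app_password_created":
            if ip not in known_ips.get(user, set()):
                alerts.append((user, "app password created from IP never used for interactive login", ts))
        elif event == "app_password_login":
            reset = last_reset.get(user)
            if reset is not None and when > reset:
                alerts.append((user, "app password used after password reset; revoke app passwords", ts))
    return alerts


if __name__ == "__main__":
    for user, reason, ts in find_suspicious_app_passwords(EVENTS):
        print(f"{ts} {user}: {reason}")
```

On the constructed trail, alice's app password is created from her usual login IP and raises nothing, while bob triggers both alerts; a password reset alone is not enough, which is why recommendation 1 (disable or revoke app passwords) matters.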

These incidents demonstrate that as authentication evolves, so do attacker methodologies, requiring continuous adaptation of security postures.

NewsSearcher AI-powered news aggregation
