A Chinese hacking group believed to operate on behalf of the Beijing government has learned how to bypass two-factor authentication (2FA) in attacks on government and industry targets, ZDNet reported on Monday.

The group, known as APT20, has reportedly sought to compromise VPN credentials that would grant them heightened levels of access across their victims’ networks, according to ZDNet, citing a new report from Dutch cyber-security firm Fox-IT.