Yuan et al. have recently introduced a Group Key Transfer (GKT) protocol that permits multiple entities to share a common secret key. Starting from the original version of the protocol, we describe a chain of alternating attacks and countermeasures. First, we present a replay attack and indicate a possible fix, inspired by the analogous work of Nam et al. (applied to the similar protocol of Harn and Lin). Second, we review a successfully insider attack against the improved version that we have revealed in a previous work and introduce a countermeasure that stands against the latter attack. Finally, we mention a password guessing attack inspired by the work of Kim et al. that can be mounted against the original protocol and both the improved versions.