Chinese hackers hijacked Forbes.com and used the site as part of an attack, including of some members of the U.S. defense and financial industry, according to cybersecurity researchers at iSIGHT Partners and Invincea.
For three days late last year, the news site's "Thought of the Day" widget, which appears when readers visit the site, was compromised -- seamlessly redirecting visitors from certain organizations to another site where their computers could be infected with malware without their knowledge.
Forbes acknowledged the incident. "On December 1, 2014, Forbes discovered that on November 28, 2014, a file had been modified on a system related to the Forbes web site," the outlet said in a statement. "The file was immediately reverted and an investigation by Forbes into the incident began. Forbes took immediate actions to remediate the incident." The news outlet's investigation found "no indication of additional or ongoing compromise nor any evidence of data exfiltration," according to the statement.
The hack comes amid growing concerns that even the most trusted sites can be used by hackers aimed at infiltrating sensitive industries.
Using Forbes.com was "fairly brazen" and a shrewd move, said Steve Ward, senior director at iSIGHT Partners. "It's a trusted place that all of the employees in a targeted organization are going to be allowed to go to," he explained.
The attack worked by leveraging two undisclosed coding flaws -- typically called "zero day" vulnerabilities.
The first was a problem with Adobe Flash, which the company patched December 9th, and the second was an Internet Explorer flaw, which Microsoft released a fix for on Tuesday. The Internet Explorer flaw was deployed by the attackers when the Flash flaw alone was not enough to compromise targeted visitors' systems.
The hack redirected some of the site's visitors to a malicious site where their computers were silently attacked by malware. The researchers said they believe the malware was only used to infect a select group of targets, despite the broad audience of Forbes.com, which is ranked among the top 200 most visited sites globally by Alexa. The researchers said they confirmed the attack targeted at least some companies within the defense and financial services industries although it's possible its reach was larger.
The researchers attributed the hack to a cyberespionage group called Team Codoso, also known as the Sunshop Group, which has a long history of similar "watering hole" style attacks. Researchers at FireEye linked the group to attacks affecting multiple Korean military and strategy think tanks and a Uighur news and discussion site, among others, in 2013.
The Washington Post
Wed Feb 11 2015
The hack comes amid growing concerns that even the most trusted sites can be used by hackers aimed at infiltrating sensitive industries.
Bekas pemain nombor satu dunia, Kento Momota umum bersara
Juara dunia dua kali Kento Momota berkata dia akan bersara daripada badminton antarabangsa ketika usianya kini 29 tahun.
Pekerja kilang belacan dituduh membunuh
Seorang pekerja kilang belacan didakwa di Mahkamah Majistret Teluk Intan atas tuduhan membunuh seorang lelaki awal bulan ini.
Kerajaan Perpaduan umum calon minggu depan
Kerajaan Perpaduan dijangka mengumumkan calon bagi pilihan raya kecil (PRK) Kuala Kubu Baharu minggu depan.
Setiausaha Agung Barisan Nasional (BN), Datuk Seri Zambry Abdul Kadir memaklumkan bahawa pengumuman mengenainya akan dibuat sekitar dua hari sebelum penamaan calon.
Setiausaha Agung Barisan Nasional (BN), Datuk Seri Zambry Abdul Kadir memaklumkan bahawa pengumuman mengenainya akan dibuat sekitar dua hari sebelum penamaan calon.
AWANI Ringkas: Calon kerajaan diumum minggu depan
Ikuti rangkuman berita utama yang menjadi tumpuan sepanjang hari di Astro AWANI menerusi AWANI Ringkas.
Kelantan beri kerjasama penuh jayakan sambutan Aidilfitri MADANI
Mohd Nassuruddin berkata satu mesyuarat bersama akan diadakan dalam masa terdekat bagi menentukan gerak kerja dan lokasi program berkenaan.
Zendaya hidupkan watak wirawati tenis menerusi filem Challengers
Challengers mengikuti watak Zendaya, seorang bintang tenis yang bercita-cita tinggi yang meninggalkan kerjayanya selepas kecederaan teruk.
PHAM 2024: Tengku Hassanal berkenan sertai pengalaman XR - 'Global Collaboration Village'
Kehadiran Pemangku Raja Pahang itu adalah bersempena dengan Sidang Kemuncak Kesihatan Planet 2024 dan Mesyuarat Tahunan ke-6 (PHAM 2024).
Sanusi kahwin lagi: Antara 'Dok Pahang' dengan 'Duduk Pahang'
Menteri Besar Kedah, Datuk Seri Muhammad Sanusi Md Nor memaklumkan bahawa kapsyen bertulis 'Dok Pahang' yang dimuat naik di akaun FB miliknya beberapa hari lepas membabitkan saranan berkahwin.
Letusan Gunung Ruang: Kualiti udara Sabah, Sarawak masih selamat - MetMalaysia
Ketinggian letusan yang dicerap, adalah sehingga 55,000 kaki, dan awan debu yang terbentuk boleh menyebabkan risiko kepada keselamatan pesawat.
Rashid tak pernah terbayang Malaysia lalui kemarau panjang menang Piala Thomas
Tidak pernah terdetik dalam hati Datuk Rashid Sidek bahawa Malaysia akan melalui kemarau panjang untuk memenangi semula Piala Thomas.