Forbes Website Attacked Select Readers with Malware

You know that annoying “Welcome” screen visitors must click through to read stories on Forbes.com? Well, it became a lot more annoying for the site’s tech support staff when suspected Chinese intruders breached the page to insert malware that could invisibly hack U.S. defense and financial industry readers.

The news site's “Thought of the Day” screen, which appears when readers visit the site, was compromised -- invisibly redirecting visitors from certain organizations to another site where their computers could be infected with malware without their knowledge.

“Researchers have linked similar malware controlled by the same server used in the Forbes attack to breaches of Web sites frequented by domestic Chinese dissident groups,” the Post reports.

On Dec. 1, 2014, Forbes discovered that on Nov. 28, 2014 a file had been modified on a system related to the Forbes website. The publication’s investigation found no evidence any data was copied.

The attack exploited two previously undisclosed coding flaws — typically called "zero day" vulnerabilities. The first was a problem with Adobe Flash, which the company patched Dec. 9, 2014, and the second was an Internet Explorer flaw, which Microsoft released a fix for this Tuesday. The attack used the Internet Explorer flaw when the Flash flaw alone was not enough to compromise a reader’s system.

The hack redirected select site visitors to a malicious page where their computers were silently attacked by malware.

Cybersecurity consultants said they determined in late November 2014 that one of their defense industry clients had been targeted by the attack. They stopped the infection from spreading inside the client’s network. A forensic investigation helped determine the origin of the attack.

Researchers tied the hack to a cyberespionage group called Team Codoso, also known as the Sunshop Group, which has a long history of similar "watering hole" style or “drive-by” attacks.