Chinese hackers hijacked Forbes.com and used the site as part of an attack whose targets included some members of the U.S. defense and financial industry, according to cybersecurity researchers at iSIGHT Partners and Invincea.
For three days late last year, the news site's "Thought of the Day" widget, which appears when readers visit the site, was compromised -- seamlessly redirecting visitors from certain organizations to another site where their computers could be infected with malware without their knowledge.
Forbes acknowledged the incident. "On December 1, 2014, Forbes discovered that on November 28, 2014, a file had been modified on a system related to the Forbes web site," the outlet said in a statement. "The file was immediately reverted and an investigation by Forbes into the incident began. Forbes took immediate actions to remediate the incident." The news outlet's investigation found "no indication of additional or ongoing compromise nor any evidence of data exfiltration," according to the statement.
The hack comes amid growing concerns that even the most trusted sites can be used by hackers aiming to infiltrate sensitive industries.
Using Forbes.com was "fairly brazen" and a shrewd move, said Steve Ward, senior director at iSIGHT Partners. "It's a trusted place that all of the employees in a targeted organization are going to be allowed to go to," he explained.
The attack worked by leveraging two undisclosed coding flaws -- typically called "zero day" vulnerabilities.
The first was a problem with Adobe Flash, which the company patched December 9th, and the second was an Internet Explorer flaw, which Microsoft released a fix for on Tuesday. The Internet Explorer flaw was deployed by the attackers when the Flash flaw alone was not enough to compromise targeted visitors' systems.
The hack redirected some of the site's visitors to a malicious site where their computers were silently attacked by malware. The researchers said they believe the malware was only used to infect a select group of targets, despite the broad audience of Forbes.com, which is ranked among the top 200 most visited sites globally by Alexa. The researchers said they confirmed the attack targeted at least some companies within the defense and financial services industries, although it's possible its reach was larger.
The researchers attributed the hack to a cyberespionage group called Team Codoso, also known as the Sunshop Group, which has a long history of similar "watering hole" style attacks. Researchers at FireEye linked the group to attacks affecting multiple Korean military and strategy think tanks and a Uighur news and discussion site, among others, in 2013.
The Washington Post
Wed Feb 11 2015