Chinese cyberattackers hijacked the Forbes.com website’s “Thought of the Day” feature, which greets every visitor to the site, and redirected some visitors to a site that would serve up malware, the Washington Post reported on Tuesday (Feb. 10).
The attack on the popular financial-news site apparently began on Nov. 28, during the Thanksgiving holiday weekend, according to a statement Forbes gave to the Post. A file related to the “Thought of the Day” feature had been modified to redirect website visitors from certain defense and financial organizations to a malicious site where their computers would be infected with malware. Forbes said it discovered and fixed the problem on Dec. 1, the Monday after the long weekend.
The attack depended on two previously undisclosed vulnerabilities, one in Adobe Flash and the other in Microsoft’s Internet Explorer browser, according to security researchers at iSIGHT Partners and Invincea. Both security holes have since been patched — the Flash problem on Dec. 9, and the Internet Explorer flaw this week.
The researchers told the Post that they confirmed the attack targeted at least some companies within the defense and financial services industries, but it’s possible its reach was larger. Cybersecurity monitoring company Invincea said it determined in late November that a defense industry client was being targeted by an attack. Invincea stopped the malware’s spread inside the client’s firewall and was able to pinpoint Forbes.com as the path of the attack, company officials said.
The researchers said the attack appeared to be the work of a Chinese cyberespionage group known variously as Codoso Team or Sunshine Group, which has a long record of “watering hole”-style attacks in which popular sites are infected but only certain visitors are targeted, according to the Post.
Chinese cyberespionage groups have been blamed for a wide-ranging campaign against U.S. government, defense, finance and pharmaceutical targets that has been going on for years. The breach of systems at health-insurer Anthem revealed last week, which compromised records of 80 million individuals, may have been part of the same campaign, although the Anthem attack was probably not by the same group that hijacked Forbes.com, researchers said.