Tuesday, February 17, 2015
Forbes Web site was compromised by Chinese cyberespionage group
on the U.S. defense and financial industry, according to cybersecurity
researchers at iSIGHT Partners and Invincea. For three days late last year,
the news site's "Thought of the Day" widget, which appears when readers
visit the site, was compromised - seamlessly redirecting visitors from
certain organizations to another site where their computers could be
infected with malware without their knowledge.
Researches have linked similar malware controlled by the same server used in
the Forbes attack to breaches of Web sites frequented by domestic Chinese
dissident groups. The hack comes amid growing concerns that even the most
trusted sites can be used by hackers aimed at infiltrating sensitive
industries. The attack worked by leveraging two undisclosed coding flaws -
typically called "zero day" vulnerabilities. The hack redirected some of the
site's visitors to a malicious site where their computers were silently
attacked by malware.