Forbes Hacked: Attackers Cited as Possible Chinese Spies
Forbes was hacked last November and is beginning to believe the attackers were from China. In an article on the subject, staff writer Thomas Fox-Brewster said that two security firms are starting to believe Forbes fell victim to Chinese cyber espionage.
The hackers tampered with the Adobe Flash widget that delivers the Thought of the Day page, which visitors to Forbes.com are taken to when they arrive at the site. The attackers did this to redirect specially chosen visitors to a hacker-controlled site that would serve an exploit for a zero-day vulnerability in Flash and, if needed, another flaw in Microsoft’s Internet Explorer.
According to Fox-Brewster, malware could be downloaded onto targets’ systems with the goal of acquiring very basic information. Fortunately, anyone using a browser other than Internet Explorer is assumed to be safe from the attack.
“Forbes took immediate actions to remediate the incident. The investigation has found no indication of additional or ongoing compromise nor any evidence of data exfiltration. No party has publicly claimed responsibility for this incident,” one Forbes spokesperson said.
Forbes May Be a Target by Chinese Cyberespionage Groups
After two months of research, two security firms – iSight and Invincea – are pinning the blame on a Chinese spy group known as Codoso Team, which also goes by the name Sunshop Group. iSight believes the attackers used a whitelisting method to decide whom to attack.
However, the allegations aren’t enough to fully pin the blame. Codoso Team is currently the only suspect, but the evidence surrounding the hack isn’t substantial enough to lead Forbes to that conclusion wholeheartedly.
The firm claimed the malware used by the hackers, which would attempt to download itself after visitors hit the Forbes.com site, was written in simplified Chinese and was similar to another malicious software strain called Derusbi, described as ‘unique to Chinese cyber espionage operators’.
While the malware being written in Chinese is enough to suggest the location, the specific group remains unknown. According to the security firm CrowdStrike, another hacking group called Deep Panda may be to blame. Unfortunately for Forbes, the investigation is still ongoing.
International hacking is something that’s on the rise lately in China and Russia, with a Hong Kong lawmaker losing $65,000 to a simple phishing incident and Russian hackers being blamed for the infamous Sony hack. Then again, that’s not to say the United States and United Kingdom don’t house their fair share of malicious hackers.
Fox-Brewster ended the announcement of the Forbes hack with a recap of what the company knows, stating again that they can’t conclusively hold Codoso Team or Deep Panda at fault.
Here’s what we know right now: The hackers used two zero-days to launch attacks on a specific subset of readers and there haven’t been any reported cases of successful exploitation, though they could exist. The attackers have not been able to establish any foothold on Forbes’ network. Chinese hackers appear to be the most likely suspects, but there’s no definitive proof.