Chinese hackers hijacked Forbes.com and used the site as part of an attack whose targets included some members of the U.S. defense and financial industries, according to cybersecurity researchers at iSIGHT Partners and Invincea.
For three days late last year, the news site's "Thought of the Day" widget, which appears when readers visit the site, was compromised -- seamlessly redirecting visitors from certain organizations to another site where their computers could be infected with malware without their knowledge.
Forbes acknowledged the incident. "On December 1, 2014, Forbes discovered that on November 28, 2014, a file had been modified on a system related to the Forbes web site," the outlet said in a statement. "The file was immediately reverted and an investigation by Forbes into the incident began. Forbes took immediate actions to remediate the incident." The news outlet's investigation found "no indication of additional or ongoing compromise nor any evidence of data exfiltration," according to the statement.
The hack comes amid growing concerns that even the most trusted sites can be used by hackers aiming to infiltrate sensitive industries.
Using Forbes.com was "fairly brazen" and a shrewd move, said Steve Ward, senior director at iSIGHT Partners. "It's a trusted place that all of the employees in a targeted organization are going to be allowed to go to," he explained.
The attack worked by leveraging two undisclosed coding flaws -- typically called "zero day" vulnerabilities.
The first was a problem with Adobe Flash, which the company patched December 9th, and the second was an Internet Explorer flaw, which Microsoft released a fix for on Tuesday. The Internet Explorer flaw was deployed by the attackers when the Flash flaw alone was not enough to compromise targeted visitors' systems.
The hack redirected some of the site's visitors to a malicious site where their computers were silently attacked by malware. The researchers said they believe the malware was only used to infect a select group of targets, despite the broad audience of Forbes.com, which is ranked among the top 200 most visited sites globally by Alexa. The researchers said they confirmed the attack targeted at least some companies within the defense and financial services industries, although it's possible its reach was larger.
The researchers attributed the hack to a cyberespionage group called Team Codoso, also known as the Sunshop Group, which has a long history of similar "watering hole" style attacks. Researchers at FireEye linked the group to attacks affecting multiple Korean military and strategy think tanks and a Uighur news and discussion site, among others, in 2013.
The Washington Post
Wed Feb 11 2015