
Chinese suspected for Forbes November hack

Forbes was the victim of a hack attack back in November, with the news appearing on Forbes’ own website earlier this week.

Cyber security firms claim Chinese hackers are behind the attack, though they concede there isn’t enough evidence to support that claim.

The hackers used a vulnerability in the Adobe Flash widget that delivers the Thought of the Day page to send visitors to a specially crafted website.

That site would then serve up an exploit against a zero-day vulnerability in Flash and, if it was needed, another flaw in Microsoft Internet Explorer.
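As an added defender-side illustration (not code from the article or from Forbes), the following Python heuristic scans constructed proxy-log lines for the chain described above: a first-party page load followed by a Flash (.swf) fetch from a third-party host, caught either through the referrer or, when the referrer is stripped, through timing. The host names, the first-party allowlist and the five-second window are assumptions.

```python
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Constructed proxy log lines (not real traffic): time, client, URL, referrer.
LOG_LINES = [
    "2014-11-28T10:00:01 10.0.0.5 https://www.forbes.com/welcome/ -",
    "2014-11-28T10:00:02 10.0.0.5 https://cdn.example/widget/totd.swf https://www.forbes.com/welcome/",
    "2014-11-28T10:00:03 10.0.0.5 http://evil.example/exploit.swf https://www.forbes.com/welcome/",
    "2014-11-28T10:05:00 10.0.0.9 https://www.forbes.com/welcome/ -",
    "2014-11-28T10:05:01 10.0.0.9 https://cdn.example/widget/totd.swf https://www.forbes.com/welcome/",
    "2014-11-28T11:00:00 10.0.0.7 http://evil.example/exploit.swf -",
    "2014-11-28T12:00:00 10.0.0.11 https://www.forbes.com/welcome/ -",
    "2014-11-28T12:00:02 10.0.0.11 http://evil.example/exploit.swf -",
]

# Assumed allowlist: hosts the site legitimately serves pages and widgets from.
FIRST_PARTY = {"www.forbes.com", "cdn.example"}
WINDOW = timedelta(seconds=5)  # assumed: how soon after a page load a redirect lands

def parse(line):
    ts, client, url, ref = line.split()
    return {"ts": datetime.fromisoformat(ts), "client": client, "url": url,
            "host": urlparse(url).hostname,
            "ref_host": urlparse(ref).hostname if ref != "-" else None}

def find_suspicious_swf(lines, first_party=FIRST_PARTY, window=WINDOW):
    """Flag third-party .swf fetches that follow a first-party page load:
    either the referrer is a first-party page, or (referrer stripped) the
    same client loaded a first-party page within `window` beforehand."""
    events = sorted((parse(l) for l in lines), key=lambda e: e["ts"])
    last_first_party = {}  # client -> time of its most recent first-party load
    alerts = []
    for e in events:
        if e["host"] in first_party:
            last_first_party[e["client"]] = e["ts"]
            continue
        if not urlparse(e["url"]).path.lower().endswith(".swf"):
            continue
        by_ref = e["ref_host"] in first_party
        recent = last_first_party.get(e["client"])
        by_time = recent is not None and e["ts"] - recent <= window
        if by_ref or by_time:
            alerts.append({"client": e["client"], "url": e["url"],
                           "reason": "referrer" if by_ref else "timing"})
    return alerts

if __name__ == "__main__":
    for a in find_suspicious_swf(LOG_LINES):
        print(a)
```

On the constructed lines this flags clients 10.0.0.5 (first-party referrer) and 10.0.0.11 (timing only), and leaves the lone unreferred fetch by 10.0.0.7 alone.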

The breach happened on 28 November and was discovered on 1 December 2014, and Forbes moved quickly to remedy it, its press department says.

“The investigation has found no indication of additional or ongoing compromise nor any evidence of data exfiltration. No party has publicly claimed responsibility for this incident,” the spokesperson said.

Forbes’ website has been used to spread two viruses: one is called Swifi, and the other Agent-ALEA.

Both are easily blocked and countered by most well-respected antivirus systems.

Forbes says two security companies claim Chinese hackers are behind the attack.

Threat intelligence provider iSight and endpoint security firm Invincea have claimed that a Chinese cyber-espionage group dubbed Codoso Team, also known as Sunshop Group, was responsible for the attack.

iSight claimed the malware used by the hackers, which would attempt to download itself after visitors hit the site, was written in simplified Chinese and was similar to another malicious software called Derusbi, a strain “unique to Chinese cyber espionage operators”.

Dan Holden, Director of ASERT at Arbor Networks, says the attack was the work of a sophisticated attacker with a specialised mission:

"Zero-day vulnerabilities were used and this is extremely rare. Cyber criminals don’t use zero-day. Hacktivists don’t use zero-day. When zero-day is used it means you have a very sophisticated attacker with a specialised mission," he said.

"They either have to discover the zero-day themselves or purchase it, both of which take funding. Over the last few years you’ve seen more zero-day leveraged by state sponsored attacks than anything else because they are the ones with the best access to zero-day vulnerabilities and are, generally speaking, the only types of specialised attacks that require zero-day to be leveraged."

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years’ experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. His work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.