Source:
https://scmp.com/article/1710016/chinese-hackers-target-us-defence-finance-firms-after-attack-magazine-website
China

Chinese hackers ‘target US defence, finance firms’ after Forbes cyberattack

AFP

Updated: 7:06pm, 11 Feb, 2015

Why you can trust SCMP
The US security firms allege that hackers targeted companies visiting the Forbes site. Photo: Reuters

US cyber security firms say a Chinese espionage team hacked Forbes magazine to then attack defence contractors, financial firms and other unsuspecting prey visiting the popular news website.

Invincea and iSight Partners detailed what they described as a “watering hole” campaign late last year that took advantage of Forbes.com and other legitimate websites.

“A Chinese advanced persistent threat compromised Forbes.com to set up a watering hole style web-based drive-by attack against US defence and financial services firms in late November 2014,” Invincea said in a report posted on its website.

The “brazen attack” took advantage of vulnerabilities in Adobe Flash and Internet Explorer software which have since been patched, according to Invincea.

Watering hole attacks typically involve hackers breaking into websites popular with their desired targets and then booby-trapping venues with viruses to infect visitors.

The cyber espionage campaign focused on Forbes.com appeared to last only a few days, but the security firms said deeper investigation could determine it went on for a longer period of time.

ISight believed that the culprits behind the attack were Chinese cyber espionage agents it called Codoso Team but also referred to as Sunshop Group.

The group has been linked to previous cyber spying campaigns against the US government, military and defence sites, think tanks covering foreign affairs, financial services companies, energy firms and political dissidents, according to security researchers.

Rather than spreading malicious code to the machines of the millions of people who visited Forbes.com, the hackers appeared to be after select targets such as defence and financial services firms, according to iSight.

Further investigation reportedly revealed a set of websites being used by Codoso to target dissident groups.

Forbes.com is ranked the 61st most popular website in the United States and the 168th most popular in the world, meaning the reach of the espionage campaign could be vast, security researchers said.