We perish because we know not… #TLENews
Chinese hackers infected the popular news site Forbes.com with malware targeting specific visitors, including U.S. defense and financial services firms, according to private cybersecurity experts. Researchers at iSIGHT Partners and Invincea said the attack was active at least from Nov. 28 to Dec. 1, though a longer duration is possible. The hackers took advantage of an unpatched vulnerability in Adobe Flash, which is used by Forbes to present its “Thought of the Day,” a quote and advertisement shown to visitors before they view the site. An additional “0-day” exploit in Internet Explorer was leveraged to infect machines running newer versions of Windows. iSIGHT Partners Senior Director Steve Ward confirmed to NBC News that anyone running Firefox or Chrome browsers on modern operating systems would not have been vulnerable.
Although all visitors to Forbes would have been exposed to the malware, the total actually infected is likely much lower, wrote Ward in a blog post — although limited information on the attack means the true duration and number affected are unknown. The malware appears to be Chinese in origin, and targeted several financial and government institutions which the cyber researchers did not name in the report. It is unclear whether the attack succeeded in infecting any of the networks it targeted. Forbes confirmed the intrusion in a statement to NBC News: