Chinese Cyber Spies Infected Forbes.com

Softpedia.com reported on 11th February, 2015 that security researchers had discovered a malicious campaign, believed to be targeted in nature and initiated by Chinese cyber spies.

Invincea and iSight Partners said in a recently released joint report that the attack abused two zero-day vulnerabilities, in Microsoft's Internet Explorer and Adobe's Flash Player. Microsoft updated Internet Explorer, and Adobe fixed the flaw in December as part of its patch.

The cyber-espionage campaign appeared to last only a few days, but Invincea and iSight think it may have run for a longer period.

The infection vector was the "Thought of the Day" Flash widget, which appears whenever users try to access a page on Forbes.com. Visitors only had to load Forbes.com in their browser to get infected. Securityweek.com published a report on 11th February, 2015 quoting Stephen Ward, an analyst at iSight Partners, as saying, "The demographics of the usual visitor to Forbes.com reveal that managers, senior executives and other professionals working in big corporations visit it. This indicates that this campaign is focused on cyber-espionage and not cybercrime."

Watering hole attacks are dangerous because it would not occur to anyone that these sites could be infected.

The firms said that they only identified a few organizations in financial and defense services which were targeted and declined to identify them. They also said that they were not sure if the hackers had succeeded in stealing any data but they believed that other visitors to Forbes.com were affected.

iSight Partners is very sure that the group behind these attacks is a Chinese cyber-espionage team dubbed Codoso Team (also publicly known as Sunshop Group), because the malware used in the campaign is similar to variants of Derusbi, which is unique to Chinese cyber-espionage operators. In addition, the C&C domain is connected with a domain used in many campaigns related to Codoso Team, and at least three more sites hosted the same exploit before its public disclosure. These sites are related to Chinese unorthodox issues. Codoso Team frequently exploits zero-day vulnerabilities in its attacks and has shown a preference for watering hole attacks.

» SPAMfighter News - 2/20/2015
