Forbes.com infected by hackers in campaign to spy on visitors - researchers

By Jim Finkle

BOSTON (Reuters) - The Forbes.com financial news site was infected by Chinese hackers with spying software that targeted specific visitors, including those at U.S. financial services and defense firms, according to two cybersecurity firms.

The hackers infected Forbes.com in November with software that automatically attacked visitors by exploiting security flaws in Microsoft Corp's Internet Explorer browser and Adobe Systems Inc's Flash software, cybersecurity firms iSight Partners Inc and Invincea Inc said on Tuesday.

The firms said they only had a limited view into the attacks based on customer data and other intelligence.

They said they only identified a few organizations in the defense and financial services sectors that were targeted and declined to identify them. They also said they did not know if the hackers had succeeding in stealing any data, though they believed other visitors to Forbes.com were affected.

Forbes.com is the most popular website known to be compromised as part of an espionage campaign, according to iSight researcher John Hultquist. Previous cyberattacks on popular websites have involved malware used by criminals, not spies, he said.

Espionage campaigns typically target smaller websites catering to targeted communities using a technique known as a "watering hole" attack, Hultquist said. For example, hackers looking to spy on aerospace firms have been known to infect sites of associations and news blogs that focus on the industry.

Forbes.com spokeswoman Laura Daunis said in a statement on Tuesday that the company on Dec. 1 identified an "incident" that occurred on Nov. 28.

"A file had been modified on a system related to the Forbes website," she said. "Forbes took immediate actions to remediate the incident. The investigation has found no indication of additional or ongoing compromise." She declined to elaborate.

ISight said it believed a Chinese group known as Codoso, or Sunshop, was responsible for attacking Forbes, based on evidence including use of common infrastructure with previous attacks.

The firm said it believes the group was responsible for similar recent attacks on a think tank site, Cefc.com.hk, as well as Turkkonseyi.com and Gokbayrak.com, which focus on issues of interest to China's Uighur and Turkic minorities.

Codoso is responsible for attacks dating back to 2010 on the energy and financial services sectors, government agencies, dissidents and think tanks, according to iSight.

Microsoft released an update on Tuesday to fix the bug in Internet Explorer. Adobe released a Flash update in December to fix that vulnerability.

Forbes.com, which said it had about 33 million unique visitors in September, is majority owned by Hong Kong-based Integrated Whale Media Investments.

(Reporting by Jim Finkle in Boston, additional reporting by Jennifer Saba in New York; Editing by Phil Berlowitz)