Chinese Hackers Hijack Forbes Website to Spread Malware: Report

Chinese hackers infected Forbes with malware highly targeted at U.S. defense and financial services firms.

Chinese hackers infected the popular news site with malware targeting specific visitors, including U.S. defense and financial services firms, according to private cybersecurity experts. Researchers at iSIGHT Partners and Invincea said the attack was active at least from Nov. 28 to Dec. 1, though a longer duration is possible. The hackers took advantage of an unpatched vulnerability in Adobe Flash, which is used by Forbes to present its "Thought of the Day," a quote and advertisement shown to visitors before they view the site. An additional "0-day" exploit in Internet Explorer was leveraged to infect machines running newer versions of Windows.

The security holes in both are now patched, however, and iSIGHT Partners Senior Director Steve Ward confirmed to NBC News that anyone running Firefox or Chrome browsers on modern operating systems would not have been vulnerable.

Although all visitors to Forbes would have been exposed to the malware, the total actually infected is likely much lower, wrote Ward in a blog post — although limited information on the attack means the true duration and number affected are unknown. The malware appears to be Chinese in origin, and targeted several financial and government institutions which the cyber researchers did not name in the report. It is unclear whether the attack succeeded in infecting any of the networks it targeted. Forbes confirmed the intrusion in a statement to NBC News:

"On December 1, 2014, Forbes discovered that on November 28, 2014, a file had been modified on a system related to the Forbes web site. The file was immediately reverted and an investigation by Forbes into the incident began. Forbes took immediate actions to remediate the incident. The investigation has found no indication of additional or ongoing compromise nor any evidence of data exfiltration. No party has publicly claimed responsibility for this incident."



—Devin Coldewey