Chinese spy team hacks Security firms

SAN FRANCISCO - US cyber security firms on Tuesday said that a Chinese espionage team hacked Forbes magazine to hunt defence contractors, financial firms, and other unsuspecting prey visiting the popular news website.

Invincea and iSight Partners detailed what they described as a "watering hole" campaign late last year that took advantage of and other legitimate websites.

"A Chinese advanced persistent threat compromised to set up a watering hole style web-based drive-by attack against US defence and financial services firms in late November 2014," Invincea said in a report posted at its website.

The "brazen attack" took advantage of Adobe Flash and Internet Explorer vulnerabilities which have since been patched, according to Invincea.

Watering hole attacks typically involve hackers breaking into websites popular with their desired targets and then booby-trapping venues with viruses to infect visitors.

The cyber espionage campaign focused on appeared to last only a few days, but the security firms said deeper investigation could determine it went on for a longer period of time.

ISight believed that the culprits behind the attack were Chinese cyber espionage agents it called Codoso Team but also referred to as Sunshop Group.

The group has been linked to previous cyber spying campaigns against US government; military; defence industrial; think tanks covering foreign affairs; financial services; energy firms, and political dissidents, according to security researchers.

Rather than spreading malicious code to the machines of the millions of people who visited, the hackers appeared to be after select targets such as defence and financial services firms, according to iSight.

Further investigation reportedly revealed a set of websites being used by Codoso to target dissident groups.

Given that is ranked the 61st most popular website in the United States and the 168th most popular in the world, the reach of the espionage campaign could be vast, security researchers said.