Security Experts:

Connect with us

Hi, what are you looking for?



Chinese Attackers Hacked Forbes Website in Watering Hole Attack: Security Firms

A Chinese attack group infected back in November in a watering hole attack targeting visitors working in the financial services and defense industries, according to two security companies.

A Chinese attack group infected back in November in a watering hole attack targeting visitors working in the financial services and defense industries, according to two security companies.

“A Chinese advanced persistent threat compromised to set up a watering hole style web-based drive-by attack against US defense and financial services firms in late November 2014,” Invincea said in a report posted on its site.

The attack exploited two zero-day vulnerabilities, one in Microsoft’s Internet Explorer and the other in Adobe’s Flash Player, Invincea and iSight Partners said in their joint report released Tuesday. Adobe fixed the flaw back in December and Microsoft updated Internet Explorer as part of its Patch Tuesday release.

The cyber-espionage campaign appeared to last only a few days, but iSight and Invincea did not rule out the possibility of the campaign lasting a longer period of time.

The malware infection was inside the “Thought of the Day” Flash widget which appears whenever users try to access a page. Visitors didn’t need to do anything other than to try to load in their browser to get infected. The demographics of the typical visitor to—senior executives, managers, and other professionals working for major corporations—indicate this campaign focused on cyber-espionage, not cybercrime, said Stephen Ward, an analyst with iSight Partners. Watering hole attacks are insidious because it wouldn’t occur to anyone that these sites could be infected.

Even though is a highly-traffic site with millions of visitors, iSight and Invincea said this wasn’t a widespread malware attack out to compromise as many victims as possible, but rather a very targeted one. Invincea noticed some of its customers in the defense industrial base were targeted by malware when loading, said Norm Laudermilch, COO of Invincea.

While Invincea did not see customers in other industry sectors affected by this attack, iSight researchers observed the same infection targeting visitors from financial services organizations and a handful of other sectors. Both companies declined to identify the companies which had been targeted.

While the infection attempts failed against Invincea customers, it’s likely other visitors to in the targeted sectors were infected. “This was clearly a targeted attack against a specific group of organizations,” Laudermilch said. It wasn’t against specific individuals, because the group would have likely used spear phishing, instead.

Neither iSight or Invincea had the visibility in the attack to be able to tell whether the attack group had achieved its objective against its victims, or even what the exact objective was, Laudermilch said.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.