Members of Chinese espionage group likely were the attackers that exploited zero-days in Flash and IE on Forbes.com.

Hackers that attacked Forbes.com's Thought of the Day page for several days last November exploited zero-day vulnerabilities in Internet Explorer (IE) and Adobe Flash in an effort to target U.S. financial services and defense contracting companies, according to an Invincea Threat Research Report blog post.

By exploiting a vulnerability in Flash (CVE-2014-9163), since fixed by Adobe, attackers could “gain control of unsuspecting users' machines within targeted firms,” the blog post said. A second exploit was then downloaded to get around Flash's Address Space Layout Randomization (ASLR) feature by exploiting a zero-day vulnerability in IE (CVE-2015-0071), since patched by Microsoft.

The “chained zero-day exploit” succeeded in compromising the networks of the targeted firms.

"The best known attack with chained 0-days was the Stuxnet attack allegedly perpetrated by US and Israeli intelligence agencies against Iran's nuclear enrichment plant at Natanz as part of an operation known as Olympic Games," the blog said.

iSIGHT Partners attributed the espionage campaign to the Chinese organization Codoso (also known by FireEye as the Sunshop Group).

The group has been known to target the U.S. government, military, financial services, political dissident groups and similar targets in the past. And although the blog post noted that "given the highly trafficked Forbes.com website, the exploit could have been used to infect massive numbers of visitors," it was not.

"Across Invincea's large footprint of over 20,000 firms, Invincea and iSIGHT can confirm only certain US Defense and financial services firms were targeted with this exploit from Forbes.com during this time period," the blog post said.