Determined Hostile Actors Use Flash And IE 0-Day Exploits To Compromise Forbes Visitors

Hostile actors compromised visitors to the Forbes website late in 2014 using multiple zero-day exploits and the “thought of the day” pop-up. This chained 0-day attack is notable because the use of multiple 0-day exploits in a single attack is rare.

According to the security firm Invincea, the hostile actors first compromised the Forbes website so that the “thought of the day” pop-up delivered a 0-day that attacked fully patched Adobe Flash. This first 0-day allowed the hostile actors to bypass the code that protects Flash users from drive-by attacks. Next, a 0-day was used against IE, allowing the Flash exploit to compromise IE and then the user's computer.

According to the Invincea Threat Report for 10 Feb 2015 (http://www.invincea.com/2015/02/chinese-espionage-campaign-compromises-forbes/), the hostile actors targeted only financial and defense sector companies. Attribution has been made to the Codoso Team (aka Sunshop Group).

Post by Protocol 46