Determined Hostile Actors Use Flash And IE 0-Day Exploits To Compromise Forbes Visitors

Hostile actors compromised visitors to the Forbes website late in 2014 using multiple zero-day exploits delivered through the site's “thought of the day” pop-up. This chained 0-day attack is notable because the use of multiple 0-day exploits in a single attack is rare.

According to the security firm Invincea, the hostile actors first compromised the Forbes website so that the “thought of the day” pop-up delivered a 0-day exploit against fully patched Adobe Flash. This first 0-day allowed the hostile actors to bypass the code that protects Flash users from drive-by attacks. Next, a 0-day was used against IE, allowing the Flash exploit to compromise IE and then the user's computer.

According to the Invincea Threat Report for 10 Feb 2015, the hostile actors targeted only financial and defense sector companies. Attribution has been made to the Codoso Team (aka Sunshop Group).

Post by Protocol 46