Chinese hackers used Forbes.com to target U.S. financial firms and defense contractors in late 2014.
Visitors to Forbes.com, the 61st most popular website in the U.S., are met with an intermediate page listing a rotating “Thought of the Day.”
{mosads}According to security firms iSightPartners and Invincea, Chinese digital warriors discovered a flaw in Adobe Flash, the popular software used to animate Web graphics, including the “Thought of the Day.”
Starting in late November, hackers used the flaw to infiltrate employees at specific defense and finance companies when they visited Forbes’s website.
“Given the highly trafficked Forbes.com website, the exploit could have been used to infect massive numbers of visitors,” Invincea said. “In fact it was not used for that purpose.”
“We believe the campaign to be highly targeted in nature,” iSightPartners added.
The hackers only had a small window, because the vulnerability was patched on Dec. 9.
The company tied the cyber campaign back to a Chinese cyber espionage group that has been working to collect intel on governments and dissidents since 2010.
Previously the group has targeted high-profile individuals by launching attacks through the Nobel Peace Prize Committee website and sending fraudulent emails to government officials.
China focuses much of its cyber efforts on collecting U.S. military plans and corporate strategies.
The recent data breach at health insurer Anthem Inc. is thought to be a Chinese attempt to get personal information on high-profile U.S. individuals, not necessarily a theft simply for financial gain.
The White House’s updated National Security Strategy, released last Friday, directly called out the East Asian power for their digital espionage.