The compromised server was used for a drive-by attack
Hackers, presumably from China, have managed to gain unauthorized access to a server owned by the Council on Foreign Relations (CFR) – an American independent, nonpartisan membership organization, think tank, and publisher. Considering that a total of 4,700 officials, former officials, journalists and other important individuals are members, it’s no surprise that the organization has become the target of a sophisticated cyber espionage campaign.
According to The Washington Free Beacon, the attackers planted a piece of malicious software on a server that hosted the New York City-based CFR website and set it up for a drive-by attack.
Certain users who visited the website were served a piece of malware that helped the cybercriminals collect valuable information from their computers.
The malware was apparently pushed onto the systems of visitors via a vulnerability in Internet Explorer.
The malicious software planted on the server used the Mandarin Chinese language, experts from a private security firm told the Free Beacon.
Also, it appears that the attack targeted only people or intelligence related to China because the malware was configured to infect only visitors who had set their browsers to support Chinese language characters.
The attackers rushed to remove the malware from the CFR server soon after they were discovered, most likely in an attempt to hide their tracks.
The FBI has been called in to investigate the incident. CFR representatives have revealed that they’ve also launched an investigation into the matter and they’re currently working on deploying security measures to prevent future attacks.
This isn’t the first time cybercriminals have used the sites of world-renowned organizations for drive-by attacks. Back in May, they compromised the site of Amnesty International and set it up to serve the Remote Administration Tool (RAT) known as Gh0st.