Monday, January 7, 2013

CFR Attacked by Chinese Hackers

The Council on Foreign Relations (CFR) was attacked by Chinese hackers dubbed the "Elderwood Project."

Here is what the SC Magazine had to say:
The latest zero-day was used as part of a so-called "watering hole" attack against the website for the policy think tank Council on Foreign Relations, the influential membership group that helps shape U.S. foreign policy.
About two weeks ago, the site was hijacked with malicious JavaScript to serve an Adobe Flash exploit, which in turn triggered a heap-spray attack, according to researchers at security firm FireEye. The malware was delivered to users whose operating system language was set to English, Chinese, Japanese, Korean or Russian.
The Elderwood attacks kicked off in 2010, when Google, Adobe and about 30 other high-profile companies said they were hit by sophisticated attacks believed to have been launched by Chinese adversaries looking to steal intellectual property.
Here is more on the attack by Bill Gertz of Free Beacon.

Cyber spies targeting Washington think tanks is nothing new.  Here is a previous Think Tank Watch post on this topic.