VERY IMPORTANT

A Chinese advanced persistent threat (APT) compromised Forbes.com to set up a watering hole style web-based drive-by attack against US Defense and Financial Services firms in late November 2014. The brazen attack used chained 0-days against Adobe Flash and Microsoft Internet Explorer 9 to attempt to gain access to internal networks at these companies. This report is the first to detail the attack against strategic US interests to China.