Cyber espionage; Network intrusion; Software vulnerability

Nonprofit // New York, United States

So-called drive-by attack “involved penetrating the computer server that operates the New York City-based CFR’s website and then using the pirated computer system to attack CFR members and others who visited or ‘drove by’ the site. . . The method used in a ‘drive-by’ attack requires hackers to covertly plant malicious software in the CFR computer system. Then, they used the software and the website to attack visitors to the site by infecting their computers in a hunt for secrets and other valuable information. . . Attackers that targeted CFR were able to set up a covert network capable of identifying, encrypting, and sending stolen information found in targeted and infected computers back to a secret command and control computer. . . . In the case of the CFR hack, the malicious software involved software that included Mandarin Chinese language. . . the attackers limited their targeting to CFR members and website visitors who used browsers configured for Chinese language characters – an indication the attackers were looking for people and intelligence related to China.”