Compromised WordPress sites launch DDoS on Ukrainian websites

2 years ago 138
BOOK THIS SPACE FOR AD
ARTICLE AD

Threat actors compromised WordPress sites to deploy a script that was used to launch DDoS attacks, when they are visited, on Ukrainian websites.

MalwareHunterTeam researchers discovered the malicious script on a compromised WordPress site, when the users were visiting the website the script launched a DDoS attack against ten Ukrainian sites.

There’s about hundred of them actually. All through the WP vulns. Unfortunately, many providers/owners doesn’t react. @GoDaddy ignores abuse letters completely

— Andrii Savchenko 🇺🇦 (@ptico) March 28, 2022

The JavaScript was designed to perform thousands of HTTP GET requests to the targeted sites.

The only evidence of the ongoing attack is the slowing down of the browser performance.

According to BleepingComputer, which first reported the discovery, DDoS attacks targeted pro-Ukrainian sites and Ukrainian government agencies, including think tanks, recruitment sites for the International Legion of Defense of Ukraine, and financial sites.

Below is the list targeted websites:

https://stop-russian-desinformation.near.page https://gfsis.org/ http://93.79.82.132/ http://195.66.140.252/ https://kordon.io/ https://war.ukraine.ua/ https://www.fightforua.org/ https://bank.gov.ua/ https://liqpay.ua https://edmo.eu

The script generates random requests to avoid that they are served through a caching service.

BleepingComputer discovered that the same script is being used by the pro-Ukrainian site to launch attacks against Russian websites.

“When visiting the site, users’ browsers are used to conduct DDoS attacks on 67 Russian websites.” states BleepingComputer.

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking, Ukrainian websites)




Read Entire Article