Hacked WordPress sites used to DDoS Ukrainian targets

Compromised WordPress sites carried malicious JavaScript


The national Computer Emergency Response Team for Ukraine, CERT-UA, has warned of an ongoing distributed denial of service (DDoS) attack against.

As BleepingComputer reports, unknown threat actors are conducting the raid with the help of WordPress sites infected with malicious JavaScript code.

The scripts are injected into the HTML structure of the site’s main files, and are base64-encoded to remain out of sight. Whenever someone visits the site, their device’s spare computing power is used to generate a large number of requests against target URLs.


Political connotations


In effect, the website visitors are the bots flooding Ukrainian sites with too much traffic for the servers to handle, resulting in the denial of service.

The worst part is, apart from a barely noticeable performance issue on the visitor’s endpoint, the attack is almost impossible to spot.

Some of the websites targeted include:


Allegedly, these websites have “taken a strong stance in favor of Ukraine” in the ongoing war with Russia, which is why they were targeted.


Besides issuing the warning, CERT-UA has also instructed the operators of compromised websites on how to detect and remove the malicious JavaScript code from their sites.

“To detect similar to the mentioned abnormal activity in the log files of the web server, you should pay attention to the events with the response code 404 and, if they are abnormal, correlate them with the values of the HTTP header ‘Referer’, which will contain the address of the web resource initiated a request,” CERT-UA said.
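The log check CERT-UA describes can be sketched as follows. This is an added example, not code from CERT-UA or from the original article: it groups 404 responses by the host in the Referer header and reports external referers that account for many 404s from several distinct clients. The combined log format, the thresholds, and every hostname, path and IP address in the sample are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Apache/nginx "combined" log format is assumed; adjust the pattern for other formats.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)

# Constructed sample log (documentation IP ranges and example domains, not real data).
SAMPLE_LOG = """\
192.0.2.10 - - [01/May/2022:10:00:01 +0000] "GET /nonexistent-1 HTTP/1.1" 404 153 "https://wp-blog.example.org/" "Mozilla/5.0"
198.51.100.7 - - [01/May/2022:10:00:01 +0000] "GET /nonexistent-2 HTTP/1.1" 404 153 "https://wp-blog.example.org/about/" "Mozilla/5.0"
203.0.113.5 - - [01/May/2022:10:00:02 +0000] "GET /nonexistent-3 HTTP/1.1" 404 153 "https://wp-blog.example.org/" "Mozilla/5.0"
192.0.2.10 - - [01/May/2022:10:00:02 +0000] "GET /nonexistent-4 HTTP/1.1" 404 153 "https://wp-blog.example.org/" "Mozilla/5.0"
192.0.2.44 - - [01/May/2022:10:00:03 +0000] "GET /old-page HTTP/1.1" 404 153 "https://search.example.net/?q=x" "Mozilla/5.0"
192.0.2.45 - - [01/May/2022:10:00:04 +0000] "GET /missing.png HTTP/1.1" 404 153 "https://www.example.com/news" "Mozilla/5.0"
192.0.2.46 - - [01/May/2022:10:00:05 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

def referer_host(referer):
    """Lower-cased host of a Referer value, or "" if absent or malformed."""
    try:
        return (urlsplit(referer).hostname or "").lower()
    except ValueError:
        return ""

def suspicious_referers(lines, own_hosts, min_404=3, min_clients=2):
    """Map each external referer host to (404 count, distinct clients, distinct paths)
    when it meets both thresholds (threshold values are assumptions to tune per site)."""
    hits = defaultdict(lambda: {"n": 0, "ips": set(), "paths": set()})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["status"] != "404":
            continue
        host = referer_host(m["referer"])
        if not host or host in own_hosts:
            continue  # no Referer, or a broken link on the site itself
        rec = hits[host]
        rec["n"] += 1
        rec["ips"].add(m["ip"])
        rec["paths"].add(m["path"])
    return {h: (r["n"], len(r["ips"]), len(r["paths"]))
            for h, r in hits.items()
            if r["n"] >= min_404 and len(r["ips"]) >= min_clients}

if __name__ == "__main__":
    for host, stats in suspicious_referers(SAMPLE_LOG.splitlines(), {"www.example.com"}).items():
        print(host, stats)
```

A referer host that tops this report is a candidate for the kind of web resource the CERT-UA quote refers to, and its pages can then be inspected for injected script.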

At press time, there were 36 websites confirmed to be carrying the malicious code.

Via BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
