Threat actors compromised WordPress sites to deploy a script that was used to launch DDoS attacks, when they are visited, on Ukrainian websites.
MalwareHunterTeam researchers discovered the malicious script on a compromised WordPress site, when the users were visiting the website the script launched a DDoS attack against ten Ukrainian sites.
The only evidence of the ongoing attack is the slowing down of the browser performance.
According to BleepingComputer, which first reported the discovery, DDoS attacks targeted pro-Ukrainian sites and Ukrainian government agencies, including think tanks, recruitment sites for the International Legion of Defense of Ukraine, and financial sites.
Below is the list targeted websites:
https://stop-russian-desinformation.near.page https://gfsis.org/ http://126.96.36.199/ http://188.8.131.52/ https://kordon.io/ https://war.ukraine.ua/ https://www.fightforua.org/ https://bank.gov.ua/ https://liqpay.ua
The script generates random requests to avoid that they are served through a caching service.
BleepingComputer discovered that the same script is being used by the pro-Ukrainian site to launch attacks against Russian websites.
“When visiting the site, users’ browsers are used to conduct DDoS attacks on 67 Russian websites.” states BleepingComputer.
Follow me on Twitter: @securityaffairs and Facebook
(SecurityAffairs – hacking, Ukrainian websites)
The post Compromised WordPress sites launch DDoS on Ukrainian websites appeared first on Security Affairs.
If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.