Security News > 2022 > March > Hacked WordPress sites force visitors to DDoS Ukrainian targets
Hackers are compromising WordPress sites to insert a malicious script that uses visitors' browsers to perform distributed denial-of-service attacks on Ukrainian websites.
Today, MalwareHunterTeam discovered a WordPress site compromised to use this script, targeting ten websites with Distributed Denial of Service attacks.
These websites include Ukrainian government agencies, think tanks, recruitment sites for the International Legion of Defense of Ukraine, financial sites, and other pro-Ukrainian sites.
BleepingComputer has only been able to find a few sites infected with this DDoS script.
Developer Andrii Savchenko states that hundreds of WordPress sites are compromised to conduct these attacks.
While this site clarifies that it will use visitors' browsers to conduct DDoS attacks against Russian websites, the compromised WordPress sites use the scripts without the website owners' or their visitors' knowledge.