Security News > 2022 > April > Ukraine targeted by DDoS attacks from compromised WordPress sites
Ukraine's computer emergency response team has published an announcement warning of ongoing DDoS attacks targeting pro-Ukraine sites and the government web portal.
The threat actors, who at this time remain unknown, are compromising WordPress sites and injecting malicious JavaScript code to perform the attacks.
This all happens without the owners or the visitors of the compromised sites ever realizing it, except for maybe some barely noticeable performance hiccups for the latter.
The above entities and sites have taken a strong stance in favor of Ukraine in the ongoing military conflict with Russia, so they were not selected randomly.
In March, a similar DDoS campaign was conducted using the same script but against a smaller set of pro-Ukrainian websites, as well as against Russian targets.
The agency has informed the owners, registrars, and hosting service providers of the compromised websites of the situation and has provided instructions on how to detect and remove the malicious JavaScript from their sites.
News URL
Related news
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- Critical WordPress Anti-Spam Plugin Flaws Expose 200,000+ Sites to Remote Attacks (source)
- CERT-UA Warns of Phishing Attacks Targeting Ukraine’s Defense and Security Force (source)
- Europol Dismantles 27 DDoS Attack Platforms Across 15 Nations; Admins Arrested (source)
- 390,000 WordPress accounts stolen from hackers in supply chain attack (source)