Security News > 2023 > March > Large-scale Cyber Attack Hijacks East Asian Websites for Adult Content Redirects

A widespread malicious cyber operation has hijacked thousands of websites aimed at East Asian audiences to redirect visitors to adult-themed content since early September 2022.

The ongoing campaign entails injecting malicious JavaScript code to the hacked websites, often connecting to the target web server using legitimate FTP credentials the threat actor previously obtained via an unknown method.

The fact that the breached websites - owned by both small firms and multinational corporations - utilize different tech stacks and hosting service providers has made it difficult to trace a common attack vector, the cloud security company noted.

What's more, the URLs hosting the rogue JavaScript code are geofenced to limit its execution in certain East Asian countries.

There are also indications that the campaign has set its sights on Android as well, with the redirection script leading visitors to gambling websites that urge them to install an app.

The identity of the threat actor is unknown as yet, and although their precise motives are yet to be identified, it is suspected that the goal is to carry out ad fraud and SEO manipulation, or alternatively, drive inorganic traffic to these websites.

News URL

https://thehackernews.com/2023/03/large-scale-cyber-attack-hijacks-east.html