Security News > 2024 > February > Hackers exploit 14-year-old CMS editor on govt, edu sites for SEO poisoning
Threat actors are exploiting a CMS editor discontinued 14 years ago to compromise education and government entities worldwide to poison search results with malicious sites or scams.
Search engine crawlers index the redirects and list them on Google Search results, making them an effective strategy for SEO poisoning campaigns, leveraging a trusted domain to rank malicious URLs higher for specific queries.
The campaign also targets government and corporate sites using the outdated FCKeditor plugin, including Virginia's government site, Austin, Texas's government site, Spain's government site, and Yellow Pages Canada.
From BleepingComputer's tests, we discovered that the compromised FCKeditor instances utilize a combination of static HTML pages and redirects to malicious sites.
Once these pages are ranked in search engines, the threat actors will likely swap them out for redirects to malicious sites.
In the past, we saw similar campaigns where threat actors abused open redirects on government sites to redirect users to fake OnlyFans and adult sites.
News URL
Related news
- APT-C-60 Hackers Exploit StatCounter and Bitbucket in SpyGlace Malware Campaign (source)
- Hackers exploit ProjectSend flaw to backdoor exposed servers (source)
- Russia-Linked Turla Exploits Pakistani Hackers' Servers to Target Afghan and Indian Entities (source)
- Hackers Target Uyghurs and Tibetans with MOONSHINE Exploit and DarkNimbus Backdoor (source)
- Hackers Exploit Webview2 to Deploy CoinLurker Malware and Evade Security Detection (source)
- Hackers exploit DoS flaw to disable Palo Alto Networks firewalls (source)
- Hackers exploit Four-Faith router flaw to open reverse shells (source)
- Hackers exploit KerioControl firewall flaw to steal admin CSRF tokens (source)
- Hackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto Miners (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)