Compromised WordPress sites launch DDoS on Ukrainian websites

Threat actors compromised WordPress sites to deploy a script that was used to launch DDoS attacks, when they are visited, on Ukrainian websites.

MalwareHunterTeam researchers discovered the malicious script on a compromised WordPress site, when the users were visiting the website the script launched a DDoS attack against ten Ukrainian sites.

There’s about hundred of them actually. All through the WP vulns. Unfortunately, many providers/owners doesn’t react. @GoDaddy ignores abuse letters completely— Andrii Savchenko (@ptico) March 28, 2022The JavaScript was designed to perform thousands of HTTP GET requests to the targeted sites.

The website of @IformaRedsocial, https://iforma[.]es/, looks got hacked as it is currently includes a script to attempt DDoS Ukrainian / Ukraine related domains/IPs…cc @0xDanielLopez pic.twitter.com/9cpAgvBiGg— MalwareHunterTeam (@malwrhunterteam) March 28, 2022The only evidence of the ongoing attack is the slowing down of the browser performance.

According to BleepingComputer, which first reported the discovery, DDoS attacks targeted pro-Ukrainian sites and Ukrainian government agencies, including think tanks, recruitment sites for the International Legion of Defense of Ukraine, and financial sites.

Below is the list targeted websites:

https://stop-russian-desinformation.near.page
https://gfsis.org/
http://93.79.82.132/
http://195.66.140.252/
https://kordon.io/
https://war.ukraine.ua/
https://www.fightforua.org/
https://bank.gov.ua/
https://liqpay.ua
https://edmo.eu

The script generates random requests to avoid that they are served through a caching service.

BleepingComputer discovered that the same script is being used by the pro-Ukrainian site to launch attacks against Russian websites.

“When visiting the site, users’ browsers are used to conduct DDoS attacks on 67 Russian websites.” states BleepingComputer.

Follow me on Twitter: @securityaffairs and Facebook

try {
window._mNHandle.queue.push(function (){
window._mNDetails.loadTag(“816788371”, “300×250”, “816788371”);
});
}
catch (error) {}

try {
window._mNHandle.queue.push(function (){
window._mNDetails.loadTag(“816788371”, “300×250”, “816788371”);
});
}
catch (error) {}
Pierluigi Paganini

(SecurityAffairs – hacking, Ukrainian websites)

The post Compromised WordPress sites launch DDoS on Ukrainian websites appeared first on Security Affairs.