Hacked WordPress sites force visitors to DDoS Ukrainian targets
Hackers are compromising several WordPress sites in order to insert a malicious script that uses visitors’ browsers to perform distributed denial of service attacks (DDoS) against Ukrainian websites, researchers claim.
Cyberattacks occur in the background, without the website owners’ or users’ knowledge, with the exception of a browser slowdown. Each request to the targeted websites will use a random query string, ensuring that the request is not served through a caching service, such as Cloudflare or Akamai, and is received directly by the server under attack. Targeted websites include Ukrainian government agencies, financial sites, and pro-Ukrainian sites among others. The same script, according to Bleepingcomputer, is also being used to launch attacks on Russian websites.
About author
DW Team
The GIP Digital Watch Observatory team, consisting of over 30 digital policy experts from around the world, excels in the fields of research and analysis on digital policy issues. The team is backed by the creative prowess of Creative Lab Diplo and the technical expertise of the Diplo tech team.