Attackers are compromising WordPress sites and injecting malicious scripts that use visitors' browsers to carry out DDoS attacks on Ukrainian resources.
MalwareHunterTeam researchers discovered a hacked WordPress site that used the aforementioned script and attacked ten sites, including resources of Ukrainian government, scientific and financial organizations, as well as sites recruiting volunteers for the International Legion of Territorial Defense of Ukraine, etc.
Each request to a targeted site carries a random query string, so it cannot be answered from the cache of a service like Cloudflare or Akamai and is passed on to the attacked server itself.
For example, the DDoS script generates requests like the following:
"GET /17.650025158868488 HTTP/1.1"
"GET /?932.8529889504794 HTTP/1.1"
"GET /?71.59119445542395 HTTP/1.1"
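A site on the receiving end can look for this request shape in its access logs. The sketch below is an added example, not code from the researchers or the article: it flags GET targets that consist only of a long decimal number and counts them per Referer host. The combined log format, the reliance on browsers sending a Referer header, the sample lines and all function names are assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Assumed input: combined log format,
# ip - - [time] "METHOD target PROTO" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
    r'\d{3} \S+ "(?P<referer>[^"]*)"'
)
# Target is nothing but a long decimal number, with or without a leading "?",
# which covers the three request shapes quoted above.
BUSTER_RE = re.compile(r'^/\??\d+\.\d{8,}$')


def is_cache_buster(target):
    return bool(BUSTER_RE.match(target))


def summarize(lines, min_hits=2):
    """Count cache-busting GETs per Referer host; keep hosts with >= min_hits."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m and m["method"] == "GET" and is_cache_buster(m["target"]):
            # Assumption: the visitor's browser sends a Referer naming the
            # page that served the injected script.
            hits[urlsplit(m["referer"]).hostname or "-"] += 1
    return {host: n for host, n in hits.items() if n >= min_hits}


# Constructed sample lines (documentation IPs, example domains, dummy time).
_T = "[01/Jan/2000:00:00:00 +0000]"
SAMPLE_LOG = [
    f'192.0.2.10 - - {_T} "GET /17.650025158868488 HTTP/1.1" 200 512 "https://blog.example/" "UA"',
    f'192.0.2.11 - - {_T} "GET /?932.8529889504794 HTTP/1.1" 200 512 "https://blog.example/post-1" "UA"',
    f'192.0.2.12 - - {_T} "GET /?71.59119445542395 HTTP/1.1" 200 512 "https://blog.example/" "UA"',
    f'192.0.2.13 - - {_T} "GET /?55.123456789012 HTTP/1.1" 200 512 "https://shop.example/" "UA"',
    f'192.0.2.14 - - {_T} "GET /?s=3.14159265358979 HTTP/1.1" 200 900 "https://blog.example/" "UA"',
    f'192.0.2.15 - - {_T} "GET /index.html HTTP/1.1" 200 900 "-" "UA"',
]

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Referer hosts that cross the threshold are candidates for a WAF or rate-limit rule and for a report to the owner of the compromised site.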
According to developer Andrey Savchenko, in order to carry out these attacks, the attackers hacked hundreds of WordPress sites.
“There are about a hundred of them. All hacked through vulnerabilities in WP. Unfortunately, many providers/owners do not respond in any way,” Savchenko said.