Hackers Hack WordPress Sites to Carry out DDoS Attacks on Ukrainian Resources

Hacking WordPress sites and injecting DDoS Scripts.

DDoS Wordpress website

Hackers hack WordPress sites to inject malicious scripts that use visitors' browsers to carry out DDoS attacks on Ukrainian resources.

MalwareHunterTeam researchers discovered a hacked WordPress site that used the aforementioned script and attacked ten sites, including resources of Ukrainian government, scientific and financial organizations, as well as sites recruiting volunteers for the International Legion of Territorial Defense of Ukraine, etc.

Once loaded, the JavaScript forces the user's browser to send HTTP GET requests to every site in the list with no more than 1,000 concurrent connections. This allows scripts to carry out DDoS attacks while the site visitor has no idea.

Each request to attacked sites uses an arbitrary query string, so the request does not go through a caching service like Cloudflare or Akamai and is sent directly to the attacked server.

For example, a script for a DDoS attack generates requests like the following:

"GET /17.650025158868488 HTTP/1.1"

"GET /?932.8529889504794 HTTP/1.1"

"GET /?71.59119445542395 HTTP/1.1"

According to developer Andrey Savchenko, in order to carry out these attacks, the attackers hacked hundreds of WordPress sites.

“There are about a hundred of them. All hacked through vulnerabilities in WP. Unfortunately, many providers/owners do not respond in any way,” Savchenko said .

Read Also
Post a Comment