MalwareHunterTeam researchers discovered the malicious script on a compromised WordPress site, when the users were visiting the website the script launched a DDoS attack against ten Ukrainian sites.
There’s about hundred of them actually. All through the WP vulns. Unfortunately, many providers/owners doesn’t react. @GoDaddy ignores abuse letters completely
— пан Птіца (@ptico) March 28, 2022
The JavaScript was designed to perform thousands of HTTP GET requests to the targeted sites.
The website of @IformaRedsocial, https://iforma[.]es/, looks got hacked as it is currently includes a script to attempt DDoS Ukrainian / Ukraine related domains/IPs…
— MalwareHunterTeam (@malwrhunterteam) March 28, 2022
cc @0xDanielLopez pic.twitter.com/9cpAgvBiGg
The only evidence of the ongoing attack is the slowing down of the browser performance.
According to BleepingComputer, which first reported the discovery, DDoS attacks targeted pro-Ukrainian sites and Ukrainian government agencies, including think tanks, recruitment sites for the International Legion of Defense of Ukraine, and financial sites.
Below is the list targeted websites:
https://stop-russian-desinformation.near.page
https://gfsis.org/
http://93.79.82.132/
http://195.66.140.252/
https://kordon.io/
https://war.ukraine.ua/
https://www.fightforua.org/
https://bank.gov.ua/
https://liqpay.ua
Homepage
The script generates random requests to avoid that they are served through a caching service.
BleepingComputer discovered that the same script is being used by the pro-Ukrainian site to launch attacks against Russian websites.
“When visiting the site, users’ browsers are used to conduct DDoS attacks on 67 Russian websites.” states BleepingComputer.
Follow me on Twitter: @securityaffairs and Facebook
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, Ukrainian websites)
[adrotate banner=”5″]
[adrotate banner=”13″]