Ukraine Was Hit by DDoS Attacks from Hacked WordPress Sites

Vladimir Krasnogolovy
Vladimir Krasnogolovy
3 Min Read
Ukraine hit by DDoS attacks

Ukrainian Computer Emergency Response Team (CERT-UA) said that Ukraine was hit by large-scale DDoS attacks.

CERT-UA has published a report on ongoing DDoS attacks on Ukrainian websites and a government web portal.

Unknown attackers compromise WordPress sites and inject malicious JavaScript code into the HTML structure. The script is base64 encoded to avoid detection like in this picture.

Ukraine hit by DDoS attacks

The Ukrainian Government Computer Emergency Response Team CERT-UA, in close cooperation with specialists from the National Bank of Ukraine (CSIRT-NBU), has taken measures to investigate DDoS attacks, for which attackers place malicious JavaScript code (BrownFlood) in the structure of web pages and files of compromised websites (primarily those running WordPress), whereby the computing resources of the computers of visitors to such websites are used to generate an abnormal number of requests to attack targets whose URLs are statically defined in malicious JavaScript code.CERT-UA specialists reported.

The code is executed on the visitor’s computer and generates a huge number of requests in order to stop the websites from working. Cyberattacks occur without the knowledge of the owners of compromised sites and create subtle performance disruptions for users.

By the way, we talked about the State Department Offers $1 million for Info on Russian Hackers.

CERT-UA works closely with the National Bank of Ukraine to implement protective measures against DDoS campaigns and numerous previous cyberattacks. In their report, the CERT-UA team provided instructions for removing malicious JavaScript code and added a threat detection tool to scan sites for hacking.

To detect such activity in the web server log files, you should look for events with a 404 response code and, if they are non-standard, correlate them with the values of the “Referer” HTTP header, which indicates the address of the web resource that created the request.advises CERT-UA.

In addition, it is important to keep the content management systems (Content Management Systems, CMS) of the site up to date, update plugins and restrict access to site management.

We also note that it seems that the Chinese comrades do not support Russian hackers: we wrote that Chinese Mustang Panda Cyberspies Attack Russian Officials.

You Might Also Like

Kasseika Ransomware Exploits Vulnerable Antivirus Drivers

Hackers use Discord as a tool for stealing passwords

MrB Ransomware (.mrB Files) – Analysis & File Decryption

Attackers Can Use GitHub Codespaces to Host and Deliver Malware

Fake Sites for Adults Destroy User Data

TAGGED:
Share This Article
By Vladimir Krasnogolovy
Follow:
Vladimir is a technical specialist who loves giving qualified advices and tips on GridinSoft's products. He's available 24/7 to assist you in any question regarding internet security.
Previous Article Maze Ransomware Maze Ransomware Attack: All You Need to Know
Next Article Rootkit Attack How to Prevent a Rootkit Attack?
Leave a comment

Stay Connected

Latest News

GitLab Releases Security Update, Patches Authentication Bypass Flaw
GitLab Fixes Critical Kubernetes Agent Takeover Vulnerability
Security News
FakeBat Malware Exploits Google Search Ads, Again
FakeBat Loader is Back With New Tactics and Payload
Security News
Ivanti EPM RCE vulnerability fixed, patch now
RCE Vulnerability in Ivanti Endpoint Manager Uncovered, Patch Now
Security News
Hacker Uploads Data Leaked in MOVEit Breaches
Hacker Leaks Corporate Data Stolen in 2023 MOVEit Breaches
Security News