The Computer Emergency Response Team for Ukraine has made a warning regarding the ongoing DDoS attacks by unknown threat actors. According to the warning, the attackers utilize some infected WordPress websites to attack and disable their targets.
Infecting websites for DDoS attacks
Whenever a user visits an infected website, it shoots a large number of requests to the target
The real targets, which are being DDoSed every time someone visits an infected website, are said to be supporting the Ukrainian side in the ongoing war between Russia and Ukraine. While this information gives some clue about the threat actors, currently, there is no evidence of ties between the Russian state and the hackers.
The Computer Emergency Response Team for Ukraine advises checking the log files of the websites for events with response code 404. In case of any abnormality, admins should correlate them with the values of the HTTP header “Referer”, which will contain the address of the web resource that initiated a request.