The Computer Emergency Response Team for Ukraine has issued a warning about ongoing DDoS attacks by unknown threat actors. According to the warning, the attackers use infected WordPress websites to attack and disable their targets.
Infecting websites for DDoS attacks
Whenever a user visits an infected website, it sends a large number of requests to the target.
The WordPress websites are said to be infected with malicious JavaScript code injected into the HTML structure of the main site files. The code is base64-encoded to make it stealthier. It triggers when a visitor views the website, sending requests against the targets by utilizing the website’s hardware and connection resources. The visitors do not notice what is going on since the script does not affect their browsing experience.
The real targets, which are being DDoSed every time someone visits an infected website, are said to be supporting the Ukrainian side in the ongoing war between Russia and Ukraine. While this information gives some clue about the threat actors, currently, there is no evidence of ties between the Russian state and the hackers.
The Computer Emergency Response Team for Ukraine advises checking the websites' log files for events with response code 404. If anything looks abnormal, admins should correlate those events with the value of the HTTP “Referer” header, which will contain the address of the web resource that initiated the request.
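The log check described above can be scripted. The following Python sketch is an added example, not code from CERT-UA or from this article; it assumes the web server writes the Combined Log Format, and the sample log lines, addresses and host names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Combined Log Format (assumed): ip ident user [time] "request" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)

# Constructed sample input: documentation IP ranges and .example host names only.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /nonexistent-a HTTP/1.1" 404 153 "https://infected-blog.example/" "Mozilla/5.0"
198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /nonexistent-b HTTP/1.1" 404 153 "https://infected-blog.example/" "Mozilla/5.0"
203.0.113.24 - - [01/Jan/2024:10:00:02 +0000] "GET /nonexistent-c HTTP/1.1" 404 153 "https://Infected-Blog.example/post/12" "Mozilla/5.0"
203.0.113.24 - - [01/Jan/2024:10:00:02 +0000] "GET /nonexistent-d HTTP/1.1" 404 153 "https://infected-blog.example/post/12" "Mozilla/5.0"
192.0.2.50 - - [01/Jan/2024:10:00:03 +0000] "GET /old-page HTTP/1.1" 404 153 "-" "Mozilla/5.0"
192.0.2.51 - - [01/Jan/2024:10:00:04 +0000] "GET /index.html HTTP/1.1" 200 5120 "https://search.example/" "Mozilla/5.0"
"""

def referer_host(value):
    """Reduce a Referer header value to its lowercased host name."""
    if value == "-":                      # "-" is logged when no Referer was sent
        return "(none)"
    try:
        return urlsplit(value).hostname or "(unparseable)"
    except ValueError:                    # e.g. a malformed bracketed IPv6 literal
        return "(unparseable)"

def referers_behind_404s(lines, min_hits=3):
    """Group 404 responses by Referer host and return the hosts with at least
    min_hits of them as (host, hit_count, distinct_client_ips), busiest first."""
    hits = defaultdict(int)
    clients = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m or m["status"] != "404":
            continue                      # skip unparsed lines and non-404 events
        host = referer_host(m["referer"])
        hits[host] += 1
        clients[host].add(m["ip"])
    rows = [(h, n, len(clients[h])) for h, n in hits.items() if n >= min_hits]
    return sorted(rows, key=lambda r: (-r[1], r[0]))

if __name__ == "__main__":
    for host, n, ips in referers_behind_404s(SAMPLE_LOG.splitlines()):
        print(f"{host}: {n} x 404 from {ips} distinct client IPs")
```

A single Referer host that accounts for many 404 responses spread across unrelated client addresses is the pattern worth investigating; the threshold `min_hits` should be tuned to the site's normal volume of broken inbound links.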