At least 30 Ukrainian university websites have been hacked in a targeted attack allegedly launched in support of Russia’s invasion of the European country.
Researchers from Wordfence said the company had witnessed a “massive attack” on Ukrainian education institutions by threat actors identified as the ‘Monday Group’, which it says has publicly supported Russia’s recent actions.
The group, whose members refer to themselves as ‘the Mx0nday’, have targeted the WordPress-hosted sites more than 100,000 times since February 24, when Russian troops officially invaded Ukraine.
The security firm said it witnessed a peak of 144,000 web attacks on February 25, one day after the kinetic attack started. The peak is roughly three times the number of daily attacks from earlier in the month across the Ukrainian websites that we protect.
Below are the attacks observed by the company:
- 479 attacks on Feb 24th
- 37,974 attacks on Feb 25th
- 104,098 attacks on Feb 26th
- 67,552 attacks on Feb 27th
An investigation into the attacks has identified four IP addresses behind the campaign, which are routed through a VPN service based in Sweden. The hacking group also appears to have links to Brazil, where Wordfence has claimed it is based.
The individuals behind the incident have not yet been publicly identified. Wordfence decided to deploy real-time threat intelligence to all Ukrainian websites, a feature that is normally included only in Premium subscriptions.