Cybercriminals have injected malicious scripts into compromised WordPress websites that weaponize the browsers of unsuspecting visitors to conduct DDoS attacks on Ukrainian targets.
Security researchers identified a compromised WordPress website that used the malicious script to hit websites with DDoS attacks. Targets included Ukrainian think tanks, financial sites, government agencies, pro-Ukrainian websites, and recruitment sites of the International Legion of Defense of Ukraine.
Compromised WordPress website visitors were unaware of the attack. The DDoS attack stealthily unfolded in the background, with no more than a slight slowdown of the host browser to raise suspicions.
Each HTTP GET request sent by the weaponized browsers used a random query string to circumvent caching services such as Akamai or Cloudflare and go straight to the targeted server.
A report says hundreds of WordPress websites have been injected with the malicious script used in the DDoS attacks. The script is the same one used by certain pro-Ukrainian websites to carry out attacks against Russian websites.
The identified pro-Ukrainian websites clearly state they would use visitors’ browsers to perform DDoS attacks against Russian targets. In contrast, compromised WordPress websites injected with the script conduct the attacks without the owners’ or visitors’ knowledge.
Note that denial-of-service and distributed denial-of-service attacks bear severe legal consequences, such as hefty fines and prison sentences.