"Visitors to Compromised WordPress Sites Are Forced to DDoS Ukrainian Targets"

WordPress websites are being infected with malicious scripts to use visitors' browsers to execute Distributed Denial-of-Service (DDoS) attacks against Ukrainian websites. Security researchers with MalwareHunterTeam have identified a compromised WordPress website that is being used to launch DDoS attacks against ten different websites belonging to Ukrainian government institutions, think tanks, banks, and more. The compromised website loads a script that forces the visitor's browser to make HTTP GET requests to each target website, with no more than 1,000 simultaneous connections. The DDoS attacks happen in the background, with a slowdown on the user's browser, thus allowing the scripts to launch DDoS assaults while the visitor is unaware that their browser has been hijacked. Each request to a targeted site will contain a random query string to ensure the request is not cached by a caching provider such as Cloudflare or Akamai, and is delivered directly to the server under attack. According to the developer Andrii Savchenko, hundreds of WordPress websites have been hijacked through the exploitation of existing vulnerabilities to carry out these DDoS attacks. This article continues to discuss the hacking of WordPress websites to use visitors' browsers to launch DDoS attacks against Ukrainian websites. 

CyberIntelMag reports "Visitors to Compromised WordPress Sites Are Forced to DDoS Ukrainian Targets"