"Hundreds of Thousands of Websites Hacked as Part of Redirection Campaign"

According to the cybersecurity company Wiz, since early September 2022, threat actors have been infiltrating tens of thousands of websites targeting East Asian audiences in order to redirect their users to adult-themed content. The threat actors gained access to each website using legitimate credentials for the FTP endpoint used to manage the web application. In some cases, the credentials used by the attackers were complex and unlikely to have been included in a dictionary for a brute-force attack. Many of the websites are owned by small companies, while others belong to large organizations. Once the attackers had gained access to the target website, they altered existing web pages by adding a single line of HTML code in the form of a script tag that referenced a remotely hosted JavaScript file. Analysis of the relevant FTP logs revealed that the threat actor connected to these FTP endpoints using a static IP address. In several instances, the researchers discovered that, after obtaining FTP credentials, the attackers injected JavaScript code directly into existing files on the compromised server. This article continues to discuss the hijacking of thousands of websites using compromised FTP credentials.
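Because the modification described above is a single added script tag pointing at a remote host, a site owner can detect it by comparing each deployed page against a known-good copy. The following Python sketch is an added example, not code from Wiz or the article; the hostnames, page contents and the allowlist are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class ScriptSrcCollector(HTMLParser):
    """Collect the src attribute of every <script> tag in a document."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())

def script_sources(html):
    parser = ScriptSrcCollector()
    parser.feed(html)
    parser.close()
    return parser.sources

def remote_host(src, site_host):
    """Return the host a script loads from, or None if it is same-site."""
    # urlparse also resolves protocol-relative URLs such as //host/x.js.
    host = urlparse(src).hostname
    if host is None or host == site_host.lower():
        return None
    return host

def injected_scripts(baseline_html, current_html, site_host, allowed_hosts=()):
    """List (host, src) for remote scripts present now but not in the baseline."""
    known = set(script_sources(baseline_html))
    findings = []
    for src in script_sources(current_html):
        host = remote_host(src, site_host)
        if host and src not in known and host not in allowed_hosts:
            findings.append((host, src))
    return findings

# Constructed sample pages: the current copy has one extra remote script tag.
BASELINE = """<html><head><script src="/js/app.js"></script>
<script src="https://cdn.example.net/lib.js"></script></head><body></body></html>"""
CURRENT = BASELINE.replace(
    "</head>", '<script src="https://static.injected.example/t.js"></script></head>')

if __name__ == "__main__":
    for host, src in injected_scripts(BASELINE, CURRENT, "shop.example",
                                      {"cdn.example.net"}):
        print(f"new remote script from {host}: {src}")
```

Run against every page served from the web root, this check flags the kind of one-line change the campaign made, and the flagged files can then be matched against FTP upload entries to identify the connecting IP address.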

Security Affairs reports "Hundreds of Thousands of Websites Hacked as Part of Redirection Campaign"

Submitted by Anonymous on