Web users are being unwittingly recruited for distributed denial of service (DDoS) attacks against multiple websites belonging to the Ukrainian government and local non-profits.
As reported by BleepingComputer, an unknown threat actor has managed to compromise a number of WordPress websites and embed a unique piece of JavaScript code that sends HTTP GET requests to a total of ten websites.
When someone visits one of these sites, their browser is forced to execute the code. The objective of the campaign is to overload the websites with fake traffic and take them offline.
Abusing civilians
The people whose endpoints are being used for this attack almost certainly don’t know they are part of an attack. Besides slowing down their browsing a little, there’s no indication of the browser essentially being hijacked.
BleepingComputer further explains that every request to the websites uses a random query string, so that the request isn't served from the cache of Cloudflare or a similar CDN. Instead, it's received directly by the target server.
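For operators of a targeted site, the random query strings described above show up in origin access logs. The following is an added example, not code from BleepingComputer or from the campaign: it flags paths that receive GET requests whose query strings almost never repeat. The log format, thresholds, host names and the reliance on browsers sending a Referer header are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Combined Log Format: ip - - [time] "METHOD target PROTO" status bytes "referer" "ua"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)"'
)

def find_cache_busting(lines, own_host, min_requests=5, min_unique_ratio=0.9):
    """Return {path: stats} for paths hit by GETs whose query strings almost never repeat."""
    by_path = defaultdict(lambda: {"queries": [], "clients": set(), "referers": set()})
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "GET":
            continue
        target = urlsplit(m["target"])
        if not target.query:
            continue  # no query string: a CDN can answer this from its cache
        entry = by_path[target.path]
        entry["queries"].append(target.query)
        entry["clients"].add(m["ip"])
        ref_host = urlsplit(m["referer"]).hostname
        if ref_host and ref_host != own_host:
            entry["referers"].add(ref_host)  # third-party page that triggered the request
    flagged = {}
    for path, e in by_path.items():
        total = len(e["queries"])
        ratio = len(set(e["queries"])) / total
        if total >= min_requests and ratio >= min_unique_ratio:
            flagged[path] = {"requests": total, "unique_ratio": ratio,
                             "clients": len(e["clients"]), "referers": sorted(e["referers"])}
    return flagged

def sample_log():
    """Constructed log lines (documentation IPs, example.* hosts), not real traffic."""
    fmt = '{ip} - - [01/Jan/2022:10:00:{s:02d} +0000] "GET {t} HTTP/1.1" 200 512 "{r}" "Mozilla/5.0"'
    flood = [fmt.format(ip=f"198.51.100.{i}", s=i, t=f"/?{1000 + i * 7919}",
                        r="https://blog.example.net/") for i in range(8)]
    normal = [fmt.format(ip=f"203.0.113.{i}", s=i, t="/search?q=news",
                         r="https://www.example.org/") for i in range(6)]
    return flood + normal

if __name__ == "__main__":
    print(find_cache_busting(sample_log(), "www.example.org"))
```

The referer hosts in the output are candidates for notifying the owners of the compromised sites; a Referer can be absent or stripped, so the unique-query ratio is the primary signal.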
Ukrainian websites aren’t the only victims of the attack, though. BleepingComputer found that the same script is being used to mount attacks against roughly 70 Russian websites too. The difference is that, in this case, the individuals are aware they are partaking in a DDoS campaign.
The war between Russia and Ukraine has spilled from the physical realm into cyberspace. Earlier this week, one of Ukraine’s internet service providers (ISPs), Ukrtelecom, reported suffering a “major” cyberattack, which brought internet connectivity in the country down to almost a tenth of its pre-war levels.
The ISP later announced that the attack had been thwarted, but connectivity for civilians is likely to remain patchy, as the ISP wants to ensure that the government and military have stable access, before restoring it for the rest of the citizens.
Via BleepingComputer