Recommended reading

US government vaccine hub, other sites abused in cyberattack spewing out AI slop

News
By last updated

Multiple websites hijacked and defaced

AI PC laptop
(Image credit: Shutterstock / metamorworks)
  • US government website has been hijacked with AI generated spam
  • NPR, Stanford, and other sites were also taken over
  • The spam seems to be explicit but non-malicious

Several web domains have been hijacked to show explicit and AI-generated content in a spam campaign that targeted US Government sites and other domains.

A domain belonging to the US Department of Health and Human Services (HHS) advising on vaccines was defaced to show thousands of AI-generated articles, primarily containing incorrect or incomplete information about popular search topics like video game round-ups or restaurant recommendations.

Websites linked to radio station NPR and Stanford University were also hit, as was a page advertising events linked to (but not owned by) chip giant Nvidia.

WowLazy spam campaign

It’s not clear who hijacked the site or the purpose behind it, since the AI slop doesn’t seem to have a consistent theme or angle, and links in the pages directing to a “nonsense SEO spam page” stocks.wowlazy[.]com.

Much of the content appears to have been apparently explicit, but much was also “entirely mundane” - the spam campaign was discovered thanks to a technologist who was searching for ‘best Portland cat cafes’ on DuckDuckGo and was directed to the site and a spam page about cat cafes.

This isn’t the first time that cybercriminals have hijacked websites in order to post their own content, but usually this contains some type of malware of infostealer to gain profit from the spam campaigns - but as far as we can see, that wasn’t the case on this occasion.

SEO seems to be a tool that cybercriminals are taking advantage of in order to deliver malware (or not) to a wider audience. To mitigate the risk from this type of attack, users should disable push notifications from sites they don’t know/trust, and be very cautious with unfamiliar links.

TechRadar Pro did reach out to the CDC, NPR, and Stanford for comment but haven’t yet received a response. Nvidia told us the affected webpage was not affiliate to the company.

Via 404media

You might also like

TOPICS
Ellen Jennings-Trace
Ellen Jennings-Trace
Staff Writer

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.