2020-06-15

A hacker group tried to hijack 900,000 WordPress sites over the last week.

A hacker group has attempted to hijack nearly one million WordPress sites in the last seven days, according to a security alert issued today by cyber-security firm Wordfence.

The company says that since April 28, this particular hacker group has engaged in a hacking campaign of massive proportions that caused a 30x uptick in the volume of attack traffic Wordfence has been tracking.

“While our records show that this threat actor may have sent out a smaller volume of attacks in the past, it’s only in the past few days that they’ve truly ramped up,” said Ram Gall, QA engineer at Wordfence.

Gall says the group launched attacks from more than 24,000 distinct IP addresses and attempted to break into more than 900,000 WordPress sites.

The attacks peaked on Sunday, May 3, when the group launched more than 20 million exploitation attempts against half a million domains.

Gall says the group primarily exploited cross-site scripting (XSS) vulnerabilities to plant malicious JavaScript code on websites in order to redirect incoming traffic to malicious sites.

The malicious code also scanned incoming visitors for logged-in administrators and then attempted to automate the creation of backdoor accounts via the unsuspecting admin users.

Wordfence says the hackers used a broad spectrum of vulnerabilities for their attacks. However, Wordfence also warns that the threat actor is sophisticated enough to develop new exploits and is likely to pivot to other vulnerabilities in the future.

WordPress website owners are advised to update the themes and plugins installed on their sites and, optionally, to install a web application firewall (WAF) plugin to block attacks in case they are targeted.

For the full article, see: https://www.zdnet.com/article/a-hacker-group-tried-to-hijack-900000-wordpress-sites-over-the-last-week/

By Catalin Cimpanu: https://www.zdnet.com/meet-the-team/us/catalin.cimpanu/

Catalin Cimpanu is a security reporter at ZDNet, where he covers cyber-security, data breaches, hacking, and other related topics. He previously served as security reporter for Bleeping Computer and Softpedia.