
A distributed denial of service (DDoS) attack against CERT-UA, Ukraine’s national emergency response team, is ongoing.
The raid is being conducted by unknown threat actors using infected WordPress sites with malicious JavaScript code, reports BleepingComputer.
It injects the scripts into the HTML structure of the site’s main files, and the scripts are encoded with base64 encryption to remain invisible. This results in many requests being made against the target URLs each time someone visits the site.
The website visitors are bots that send too much traffic to Ukrainian sites, resulting in a denial of services for the servers.
Aside from the visitor’s endpoint having a barely noticeable performance issue, it is almost impossible to detect the attack.
Targeted websites include:
- war.ukraine.ua
- edmo.eu
- kmu.gov.ua
- callrussia.org
- gngforum.ge
- secjuice.com
- liqpay.ua
- gfis.org.ge
- micro.com.ua
- fightforua.org
- ntnu.no
- megmar.pl
- playforukraine.org