Massive spam campaign targets websites with hacking service ads

Threat actors have launched a new massive spam campaign targeting legitimate websites with advertisements for hacking services, according to TechCrunch. Aside from uploading the PDF-stored ads on several websites belonging to U.S. federal, state, county, and local governments, including the federal Administration for Community Living, the state of California, and Minnesota's St. Louis County, as well as U.S. universities, attackers have also set sights on numerous university websites, including those belonging to UC Berkeley, Yale, and Stanford, as well as the sites of defense contractor Rockwell Collins and Spain's Red Cross, a report from Citizen Lab Senior Researcher John Scott-Railton revealed. Such a campaign has been attributed by Scott-Railton to possible website weaknesses, including misconfigured services, which could have been exploited to trigger significant damage. "In this case the PDFs they uploaded just had text pointing to a scam service that might also be malicious as far as we know, but they could very well have uploaded PDFs with malicious contents," Scott-Railton added. U.S. Cybersecurity and Infrastructure Security Agency spokesperson Zee Zaman noted that the compromised websites are already under investigation.