BleepingComputer reports that WordPress sites are being infected by threat actors with a malicious script that facilitates distributed denial-of-service attacks against Ukrainian websites.
Hackers have inserted the script into a WordPress site to launch DDoS attacks aimed at 10 websites, including those of Ukrainian government agencies, financial sites, think tanks, International Legion of Defense of Ukraine recruitment sites, and other sites supporting Ukraine amid the Russian invasion, according to a MalwareHunterTeam report.
While only a few websites were found by BleepingComputer to have been infected with the script, developer Andrii Savchenko noted that the number of WordPress sites compromised to conduct such attacks has already reached hundreds.
"There's about hundred of them actually. All through the WP vulns. Unfortunately, many providers/owners doesn't react," Savchenko said in a tweet.