CERT-UA, Ukraine’s computer emergency response team, warned of ongoing DDoS attacks targeting pro-Ukraine sites. The threat actors are compromising WordPress sites and injecting malicious JavaScript code to perform the attacks. The attacks are designed to overwhelm websites making them inaccessible to regular visitors. The targeted sites are a mix of Ukrainian government sites and organizations supporting Ukraine such as fundraising campaigns. It is still unknown who is responsible for the attacks, but a similar operation was carried out against Ukrainian websites in March. CERT-UA is working with organizations to defend against the DDoS attacks and has provided detection tools to website administrators.
Analyst Notes
After Russia’s unprovoked invasion of Ukraine, several cybercriminals condemned Russia’s actions and vowed not to attack Ukrainian organizations. At the same time, users on Russian criminal forums publicly supported Russia. It is likely these supporters are responsible for the website attacks in some way. It is no secret that Russian Intelligence leverages state sponsored actors to carryout cyber operations. The support from criminals who were previously only motivated by financial gain may have presented Russia with more options to conduct these attacks, or simply encourage independent hackers to conduct attacks. It is possible Russia is utilizing known threat actors to carry out DDoS attacks in Ukraine; it is more likely these individuals are carrying out these attacks on their own in support of Russia out of a sense of patriotism. Either way, Vladimir Putin has paved the way for a full scale cyber war in Ukraine.
https://www.bleepingcomputer.com/news/security/ukraine-targeted-by-ddos-attacks-from-compromised-wordpress-sites/
