Threat actors compromised WordPress sites to deploy a script that was used to launch DDoS attacks, when they are visited, on Ukrainian websites.
MalwareHunterTeam researchers discovered the malicious script on a compromised WordPress site, when the users were visiting the website the script launched a DDoS attack against ten Ukrainian sites.
The only evidence of the ongoing attack is the slowing down of the browser performance.
According to BleepingComputer, which first reported the discovery, DDoS attacks targeted pro-Ukrainian sites and Ukrainian government agencies, including think tanks, recruitment sites for the International Legion of Defense of Ukraine, and financial sites.
The script generates random requests to avoid that they are served through a caching service.
In an interesting twist, BleepingComputer discovered that the same script is being used by the pro-Ukrainian site to launch attacks against Russian websites.
“When visiting the site, users’ browsers are used to conduct DDoS attacks on 67 Russian websites.” states BleepingComputer.