![]() ![]() However, the script includes functionality to dynamically generate appropriate passwords based on common patterns,” researchers said. “The wordlists associated with this campaign contain small sets of very common passwords. That attack chain starts with the rogue script which has automated attempts to gain access to the XML-RPC interface using common usernames and passwords. “These attacks were launched by malicious scripts planted on other WordPress sites, which received instructions from a botnet with a sophisticated attack chain,” researcher said. XML-RPC is an API that Android and iOS mobile app developers use to link apps to WordPress websites. Specifically targeted in the attacks is WordPress’s XML-RPC interface (/xmlrpc.php). He said Wordfence and Defiant are working with law enforcement to secure the vulnerable resources. Those sites are running an attack script which attacks targeted WordPress sites,” wrote Mikey Veenstra, a web security researcher at Wordfence, in a post.Īccording to Veenstra, the infected WordPress sites, and the C2 sites controlling them, are still online and could be exploited by additional adversaries. The requests pass through the proxy servers and are sent to over 20,000 infected WordPress sites. “ use these proxies to anonymize the C2 traffic. The attacks, first identified by the Defiant Threat Intelligence Team and reported by Wordfence on Wednesday, utilized four command-and-control (C2) servers that in turn send requests to over 14,000 proxy servers tied to a Russian internet firm called Best Proxies, according to the Wordfence. Behind the WordPress-on-WordPress assault is a widespread brute-force password attack leveraged through a Russian proxy provider and targeting a developer application program interface (API). ![]() ![]() WordPress sites are being targeted in a series of attacks tied to a 20,000 botnet-strong army of infected WordPress websites. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |