Ukraine invasion: WordPress-hosted university websites hacked in ‘targeted attacks’

Mar 3, 2022 | News


At least 30 Ukrainian university websites have been hacked in a targeted attack allegedly launched in support of Russia’s invasion of the European country.

 

 

In a report released last night (March 1), researchers from Wordfence said the company had witnessed a “massive attack” on Ukrainian education institutions by threat actors identified as the ‘Monday Group’, which it says has publicly supported Russia’s recent actions.

The group, whose members refer to themselves as ‘the Mx0nday’, have targeted the WordPress-hosted sites more than 100,000 times since February 24, when Russian troops officially invaded Ukraine.

Cyber assaults

 

A blog post from Wordfence founder and CEO Mark Maunder explains that the company protects over 8,000 websites in Ukraine, including those belonging to more than 300 university institutions. It also provides support to government, military, and police websites.

Wordfence witnessed a peak of 144,000 web attacks on February 25, one day after the kinetic attack started, Maunder explains.

“The peak is roughly three times the number of daily attacks from earlier in the month across the Ukrainian websites that we protect,” he wrote.

 


Maunder added: “An attacker was making a concerted effort to attack universities in Ukraine, and they started immediately after the Russian invasion started.”

An investigation into the attacks has identified four IP addresses behind the campaign, which are routed through a VPN service based in Sweden.

The hacking group also appears to have links to Brazil, where Wordfence has claimed it is based.

However, the individuals behind the incident have not yet been publicly identified.

 

Destructive campaign

 

The report comes on the heels of new research from ESET, which said several malware families are now being used in targeted attacks against Ukrainian organizations.

A blog post from ESET detailed that on February 23, a “destructive campaign” using HermeticWiper targeted multiple organizations.

The attack used at least three components: HermeticWiper, which makes a system inoperable by corrupting its data; HermeticWizard, which spreads HermeticWiper across a local network via WMI and SMB; and HermeticRansom, ransomware written in Go.

“This cyber-attack preceded, by a few hours, the start of the invasion of Ukraine by Russian Federation forces,” the blog states.

“Malware artifacts suggest that the attacks had been planned for several months.”

HermeticWiper was observed “on hundreds of systems in at least five Ukrainian organizations”, claims ESET, which noted that it has not found any tangible connection with a known threat actor.

 


Source: portswigger.net
