New findings from Prevailion's Tailored Intelligence team indicate the rapid expansion of a series of supply chain attacks that transform installations of the popular WordPress content management system into hosts for a malicious advertising network. More than 20,000 web servers have been identified as compromised in this campaign.
WordPress has grown to become the backbone of 60% of content management systems, comprising 34% of all websites on the internet. This widespread user base, and the ease with which a website can be personalized without any coding knowledge, has created fertile ground for exploitation by the threat actors we have dubbed PHP's Labyrinth.
As previously reported, a threat actor campaign has been weaponizing WordPress' customization tools by enticing victims with trojans disguised as free themes and plugins. Once these are installed, the threat actors can not only compromise admin accounts, but also inject malvertising ads and use this vector to deliver exploit kits, both of which allow them to compromise visitors of those websites.
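The two outcomes described above, a trojanized theme or plugin on disk and an unexpected administrator account, are both things a site operator can check for. The script below is an added example written for this page, not Prevailion's tooling or anything from the campaign report: it walks a WordPress `wp-content` tree looking for obfuscation and remote-script-injection indicators commonly associated with trojanized "free" themes, and compares the site's administrator logins against an expected allow-list. The indicator patterns, the sample theme and plugin files, and the user list are all constructed for the demonstration.

```python
import os
import re
import tempfile

# Indicator patterns associated with trojanized themes and plugins (constructed
# for this example; tune to your own environment). Each entry is (label, regex).
INDICATORS = [
    # eval() wrapped around a decoder: the classic obfuscated backdoor/loader shape
    ("eval_decoder",
     re.compile(r"eval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I)),
    # eval() fed directly from request input
    ("eval_from_request",
     re.compile(r"eval\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)\b", re.I)),
    # a hard-coded remote <script src=...> tag, typical of injected ad loaders
    ("remote_script_inject",
     re.compile(r"<script[^>]+src=[\"']https?://[^\"']+[\"']", re.I)),
]

# Constructed user export: (login, role) pairs as they would come from wp_users/wp_usermeta.
DEMO_USERS = [
    ("site_owner", "administrator"),
    ("editor_jane", "editor"),
    ("wp_update", "administrator"),   # constructed: an admin nobody created on purpose
]


def scan_tree(root):
    """Scan .php/.js files under root; return sorted (relative path, indicator) findings."""
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            if not name.lower().endswith((".php", ".js")):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "r", encoding="utf-8", errors="replace") as fh:
                content = fh.read()
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            for label, pattern in INDICATORS:
                if pattern.search(content):
                    findings.append((rel, label))
    return sorted(findings)


def unexpected_admins(users, expected_logins):
    """Return administrator logins that are not on the operator's expected list."""
    return sorted(login for login, role in users
                  if role == "administrator" and login not in expected_logins)


def build_demo_tree():
    """Create a throwaway wp-content-like tree with one clean and two trojanized files (constructed)."""
    root = tempfile.mkdtemp(prefix="wp_scan_")
    files = {
        "themes/clean-theme/functions.php":
            "<?php\nadd_action('init', 'clean_theme_setup');\n",
        "themes/free-theme/functions.php":
            "<?php\n// constructed obfuscated loader\neval(base64_decode('aGVsbG8='));\n",
        "plugins/free-plugin/ads.php":
            "<?php\necho '<script src=\"https://ads.example.invalid/loader.js\"></script>';\n",
    }
    for rel, content in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    demo_root = build_demo_tree()
    for rel_path, label in scan_tree(demo_root):
        print(f"[indicator] {rel_path}: {label}")
    for login in unexpected_admins(DEMO_USERS, {"site_owner"}):
        print(f"[admin] unexpected administrator account: {login}")
```

Pattern hits are a triage signal, not a verdict: legitimate plugins occasionally load remote scripts, so pair this with a comparison of each theme or plugin against the checksums of the copy obtained from the official WordPress repository, and treat any administrator login you cannot account for as an incident until proven otherwise.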
Prevailion has been working closely with a US federal law enforcement agency to provide new evidence on the threat actor behind this sophisticated botnet, along with the discovery of previously unreported malicious activities, including:
Karim Hijazi, who served as the director of intelligence of the cybersecurity firm Mandiant and now serves as CEO of the security firm Prevailion, said the hackers will likely have “gone to ground” at this point.
While threat actors like Cozy Bear and Fancy Bear get a lot of attention, there is another sophisticated crime actor that companies need to be watching out for. The group is called TA505 and it is believed to be […]
“This was the most pristine espionage effort, unlike anything we’ve seen in a very long time,” said Karim Hijazi, a former intelligence community contractor. “Everyone in the cybersecurity community is freaking out, because we don’t know where this could stop.”