WordPress Botnet Infects Over 20,000 Sites and Turns Them into Attack Bots

  • 404

Wordfence, a Security firm has reportedly uncovered a massive Brute force attack launched on WordPress sites.

This attack reportedly infected over 20,000 WordPress sites and turned each of these into an ‘Attacker site’ that attacks other WordPress sites.  Although the motive of this attack is unknown, the courses of events indicate a well-planned cyber attack.

The Two-Step Attack

In the first phase of this attack, the Hacker attacked WordPress sites through four C2 or Command to Control Servers.  Consequently, the Attackers used these C2 Servers to send requests to around 14,000 Russian proxies.

Next, the Hackers infected over 20,000 WordPress websites with a malicious ’Attack Script’, which turned each of these sites into an attacker site. Finally, each of these 20,000 WordPress websites attacked other WordPress websites, using brute force.

Presently, there are several websites that are infected with the ‘Attack Script’, turning them into attacker sites that have been attacking other websites. Wordfence, the Security firm claims to have blocked over 5 million authentication attempts with its Brute Force Protection and real-time IP Blacklist.

The Discovery

The attacker reportedly made some mistakes, due to which the security firm was able to track down the C2 servers despite several layers of shielding employed by the Attacker. According to reports, three of the C2 Servers belong to HostSailor, and one belongs to Selectel.

According to a report published by WordFence, best-proxies[.]ru has been identified as the service provider, that made these 14,000 proxy servers available. Wordfence was able to track down the IP on its Firewall due to certain discrepancies in the attack script.

The Cyber Security Firm is presently involved in the process of informing the concerned persons. This includes the Law Enforcement Agencies and hosts of affected WordPress websites so that each of them can take adequate measures to counter the issue.


Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]

One thought on “WordPress Botnet Infects Over 20,000 Sites and Turns Them into Attack Bots

Comments are closed.

Do NOT follow this link or you will be banned from the site!