- Joined
- May 15, 2016
- Messages
- 13,765
- Likes
- 2,643
- Points
- 1,730
Unknown hackers in an unusual way attract Chinese to adult sites.
Researchers at Wiz Information Security Company reported that since the beginning of September 2022, intruders have hacked about 10,000 websites with a Chinese audience to redirect visitors to adult sites.
A large-scale campaign includes the introduction of JavaScript code on hacked websites using a connection to the target server using stolen FTP accounts.
« In many cases, these were reliable, generated credentials that the attacker somehow received earlier than », — said Wiz experts.
Since hacked websites owned by both small firms and transnational corporations use different technological steaks and hosting, this makes it difficult to track the attack vector. At the same time, the sites have one common feature – most of them are located either in China or in another country, and are intended for Chinese users. Moreover, the URLs on which the JavaScript malicious code is placed are geosonated to limit code execution in some East Asian countries. Researchers added that the campaign also targets Android devices: the redirection scenario leads visitors to gambling sites that urge them to install the ( APK file ) application.
The identity of the attacker is still unknown, and although his exact motives have not yet been established, there is a suspicion that the purpose of the campaign is to fraud with advertising or to attract inorganic traffic to sites of intruders. This campaign is also notable for the fact that it does not use phishing, skimming or malware infection.
Wiz experts find out how the hacker got initial access to so many websites, and also determine the essential common features between the affected servers, except for their use of the FTP protocol. According to experts, given the ease of attack, a cybercriminal was unlikely to use a 0-day vulnerability, but this option should not be ruled out.
__________________
Researchers at Wiz Information Security Company reported that since the beginning of September 2022, intruders have hacked about 10,000 websites with a Chinese audience to redirect visitors to adult sites.
A large-scale campaign includes the introduction of JavaScript code on hacked websites using a connection to the target server using stolen FTP accounts.
« In many cases, these were reliable, generated credentials that the attacker somehow received earlier than », — said Wiz experts.
Since hacked websites owned by both small firms and transnational corporations use different technological steaks and hosting, this makes it difficult to track the attack vector. At the same time, the sites have one common feature – most of them are located either in China or in another country, and are intended for Chinese users. Moreover, the URLs on which the JavaScript malicious code is placed are geosonated to limit code execution in some East Asian countries. Researchers added that the campaign also targets Android devices: the redirection scenario leads visitors to gambling sites that urge them to install the ( APK file ) application.
The identity of the attacker is still unknown, and although his exact motives have not yet been established, there is a suspicion that the purpose of the campaign is to fraud with advertising or to attract inorganic traffic to sites of intruders. This campaign is also notable for the fact that it does not use phishing, skimming or malware infection.
Wiz experts find out how the hacker got initial access to so many websites, and also determine the essential common features between the affected servers, except for their use of the FTP protocol. According to experts, given the ease of attack, a cybercriminal was unlikely to use a 0-day vulnerability, but this option should not be ruled out.
__________________