Ukraine targeted by DDoS attacks from compromised WordPress sites

Ukraine’s computer emergency response team (CERT-UA) has published an announcement warning of ongoing DDoS (distributed denial of service) attacks targeting pro-Ukraine sites and the government web portal.

The threat actors, who at this time remain unknown, are compromising WordPress sites and injecting malicious JavaScript code to perform the attacks.

These scripts are placed in the HTML structure of the main files of the website and are base64-encoded to evade detection.

The code runs on the website visitor’s computer and directs their available computational resources to generate an…