March 7, 2024 at 09:21AM
Threat actors are launching distributed brute-force attacks on WordPress sites through malicious JavaScript injections, causing unauthorized access to target sites. This shift from crypto drainers to brute-force attacks may be driven by profit motives, as compromised sites can be monetized in various ways. Prior attacks have exploited vulnerabilities in WordPress plugins and deployed JavaScript malware targeting website visitors.
Key takeaways:
1. Threat actors are conducting distributed brute-force attacks against WordPress sites by injecting malicious JavaScript, targeting over 700 sites to date.
2. The attack unfolds over five stages, enabling the threat actor to take advantage of compromised websites to launch distributed brute-force attacks against potential victim sites.
3. The motivation behind the switch from crypto drainers to distributed brute-force attacks is believed to be profit-driven, as compromised WordPress sites could be monetized in various ways.
4. In addition to the distributed brute-force attacks, threat actors are also exploiting a critical flaw in the WordPress plugin 3DPrint Lite and deploying the Godzilla web shell for persistent remote access.
5. There is a new SocGholish campaign targeting WordPress websites, distributing JavaScript malware via modified versions of legitimate plugins to trick unsuspecting website visitors into downloading remote access trojans.