Wiz, a cloud security startup, has issued a warning about a widespread redirection campaign in which thousands of websites aimed at East Asian audiences have been compromised using legitimate FTP credentials. In many cases, the attackers gained access to highly secure auto-generated FTP credentials and used them to hijack the victim websites and redirect visitors to adult-themed content.
The campaign, which has most likely been ongoing since September 2022, has compromised at least 10,000 websites, many of which are owned by small businesses and large corporations. According to Wiz, differences in hosting providers and tech stacks make it difficult to identify a common entry point.
As part of the initial incidents, the attackers added “a single line of HTML code in the form of a script tag referencing a remotely hosted JavaScript script” to the compromised web pages. The injected tags cause a JavaScript script to be downloaded and executed on the machines of website visitors.
According to Wiz, in some cases, JavaScript code was injected directly into existing files on the compromised server, most likely via FTP access, ruling out the possibility of malvertising.
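A site owner can check pages for the script-tag form of injection described above by listing every `<script src>` whose host is neither the site itself nor an expected third party. The following is an added example, not code from Wiz or the original article; the allowlist, the site hostname and the sample page (including the placeholder host `injected-host.invalid`) are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: hosts this hypothetical site legitimately loads scripts from.
ALLOWED_SCRIPT_HOSTS = {"www.example.com", "cdn.example.com"}

class ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every <script> tag in a page."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())

def unexpected_script_hosts(html, site_host, allowed=ALLOWED_SCRIPT_HOSTS):
    """Return (src, host) pairs for remote scripts whose host is not allowlisted."""
    collector = ScriptSrcCollector()
    collector.feed(html)
    findings = []
    for src in collector.sources:
        # urlparse also resolves protocol-relative URLs (//host/x.js) to a host.
        host = (urlparse(src).hostname or "").lower()
        if not host or host == site_host:
            continue  # relative path or same-origin script
        if host not in allowed:
            findings.append((src, host))
    return findings

# Constructed sample page: one expected CDN script, one local script,
# and one remote script tag of the kind described above (placeholder host).
SAMPLE_PAGE = """<html><head>
<script src="https://cdn.example.com/jquery.min.js"></script>
<script src="/js/site.js"></script>
<script src="//injected-host.invalid/a.js"></script>
</head><body>hello</body></html>"""

if __name__ == "__main__":
    for src, host in unexpected_script_hosts(SAMPLE_PAGE, "www.example.com"):
        print(f"unexpected remote script: {src} (host {host})")
```

This check covers only the script-tag form; JavaScript injected directly into existing files on the server has to be found by comparing those files against a known-good copy.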
The cybersecurity startup has identified a number of servers associated with this campaign, which serve JavaScript variants that share many similarities, implying they a
[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents