Hackers are fighting a war over 300K vulnerable WordPress sites
Attackers who are actively exploiting a critical remote code execution flaw affecting over 600,000 of WordPress sites running vulnerable File Manager plugin versions have also been seen protecting the sites they compromise from other threat actors’ attacks.
The critical vulnerability allows unauthenticated attackers to upload malicious PHP files and execute arbitrary code following successful exploitation [1, 2, 3]. File Manager’s dev team addressed the flaw with the release of File Manager 6.9.
Even though the flaw was patched within hours after the devs were informed by Seravo’s on-call security officer Ville Korhonen who discovered the zero-day flaw and the ongoing attacks trying to exploit it, researchers with WordPress security firm Defiant spotted more than 1.7 million sites being probed by threat actors between September 1st and September 3rd.
In an updated report published today, Defiant threat analyst Ram Gall says that the threat actors haven’t stopped their siege, with the total number of WordPress sites being targeted going up to 2.6 million.
NinTechNet, who also reported the exploit attempts when the attacks started, also discovered the attackers’ attempts to block others from compromising already infected site by password protecting files exposed to writing by the File Manager flaw.
In all, Defiant’s researchers saw attacks trying to exploit this vulnerability originating from more than 370,000 separate IP addresses, with almost no overlap in backdoor access activity.
“The single exception is the IP 51.83.216.204, which appears to be a third party opportunistically checking for the presence of both of these backdoors and then attempting to add a backdoor of its own, without much success,” Gal added.
Reference:
Latest News & Events
Contact Us
Learn more about what Techcess CyberSecurity Group can do for your business.
1-833-TXCYBER
1-833-892-9237
Techcess CyberSecurity Group
6110 Clarkson Lane
Houston, Texas 77055
Techcess CyberSecurity Group
Houston, Texas 77055