Thousands of East Asian Websites Hijacked in Ongoing Malicious Cyber Operation

Since early September 2022, a widespread malicious cyber operation has hijacked thousands of websites aimed at East Asian audiences, redirecting visitors to adult-themed content. The attack involves injecting malicious JavaScript code into the hacked websites, often using legitimate FTP credentials obtained by the threat actor through an unknown method. According to a report published by Wiz, a cloud security company, the breached websites, owned by both small firms and multinational corporations, use different tech stacks and hosting service providers, making it difficult to trace a common attack vector.

However, a majority of the websites are hosted either in China or in a different country but targeted at Chinese users. Additionally, the URLs hosting the rogue JavaScript code are geofenced to limit its execution in certain East Asian countries. There are also indications that the campaign has set its sights on Android devices, with the redirection script leading visitors to gambling websites that urge them to install an app (APK package name "com.tyc9n1999co.coandroid").

The identity of the threat actor remains unknown, and although their precise motives have not been identified, it is suspected that the goal is to carry out ad fraud and SEO manipulation or drive inorganic traffic to these websites. Notably, phishing, web skimming, or malware infection are absent from the attacks.

Researchers Amitai Cohen and Barak Sharoni said that they remain unsure about how the threat actor has been gaining initial access to so many websites, and they have yet to identify any significant commonalities between the impacted servers other than their usage of FTP. Although the apparent low sophistication of the attack makes it unlikely that the threat actor is using a 0-day vulnerability, it cannot be ruled out as an option.

