Experts observed cyberattack surge against Ukrainian WordPress sites

Experts Cyberattack Surge Ukrainian WordPress CMS Website Protection

Experts have seen a massive surge of cyberattacks that targeted Ukrainian WordPress sites and attributed it to the current Russia-Ukraine conflict. Over a hundred thousand attacks were recorded within February 2022, with more than 200,000 cyberattacks between February 25th and 27th.

Moreover, another researcher explained that most of the attacks were exclusively on a subset of over 300 academic websites. Based on the tally, about 30 university websites inside Ukraine were compromised by threat attacks that affected the educational sector through service unavailability and defacement.


Researchers noticed that the threat actors targeting the Ukrainian WordPress sites do not entirely come from Russia.


Based on recent observation, the threat actors responsible for the cyberattacks against the Ukrainian WordPress sites are allegedly from Brazil, which goes by the group name Mx0nday.

They conducted their cyberattack campaign through a Finish IP address with the aid of Njalla, another notorious internet entity allegedly based in Sweden.

This specific threat group has a history of attacking websites from different countries like Indonesia, Turkey, Spain, the United States, Brazil, and Argentina.

Furthermore, a researcher noticed a new vulnerability in a cloning plugin for WordPress. This flaw, according to experts, could put millions of users at risk since it left some sensitive backup exposed to any threat actor. The vulnerability can also possibly disclose authentication information and personal data.

Last February this year, another WordPress plugin called ‘PHP Everywhere’ showed a sign of having a critical flaw. Threat actors could exploit these vulnerabilities to operate arbitrary code on infected systems.

This current Russian-Ukraine conflict heavily impacts Ukrainians and their partners since cybercriminals are joining the ongoing invasion of Russia.

WordPress sites should be cautious of hackers since many will take advantage of the ongoing situation. Experts recommend that these plugins should be updated by their developer soon.

About the author

Leave a Reply