SecurityWeek reports that more than 17,000 WordPress sites, including 9,000 sites vulnerable to the recently addressed TagDiv Composer front-end page builder plugin flaw, tracked as CVE-2023-3169, have been infected as part of the long-running Balada Injector campaign.
Exploitation of the vulnerability allowed malicious code to be injected into a certain WordPress database, which gave threat actors site access that they then leveraged to deploy plugins and backdoors and to create admin accounts that would ensure persistence, a Sucuri report revealed.
"We observed a rapid cycle of modifications to their injected scripts alongside new techniques and approaches. We saw randomized injections and obfuscation types, simultaneous use of multiple domains and subdomains, abuse of CloudFlare, and multiple approaches to attack administrators of infected WordPress sites," said Sucuri, which previously noted in April that the Balada Injector campaign has already compromised more than 1 million WordPress sites during the past six years.
Balada Injector campaign compromises thousands of WordPress sites