Cloud security startup Wiz has discovered a redirection campaign affecting thousands of websites targeting East Asian audiences, with at least 10,000 compromised since September 2022.
In some cases, the website administrators removed the malicious redirection, only to notice that it reappeared shortly after.
The goal of the campaign, Wiz says, could be ad fraud or SEO manipulation, but it is also possible that the attackers are simply looking to increase traffic to the destination websites.
Wiz is unsure how the threat actor has been gaining initial access to so many websites and has yet to identify any significant commonalities between the impacted servers other than their usage of FTP.
Although it’s unlikely that the threat actor is using a zero-day vulnerability given the apparently low sophistication of the attack, this option cannot be ruled out.
The attack could have other nefarious activities, and the cybersecurity startup recommends being vigilant and taking necessary measures to secure their websites.