Hackers Attacked Thousands of Asian Websites and Redirected Users to Adult Websites

Wiz experts have discovered a malicious campaign that was active since September 2022, in which hackers attacked thousands of sites in Asia.

Also the media reported that Cyber-Espionage Group Worok Attacks Asian Governments and Companies.

At least 10,000 sites targeting an East Asian audience have been hacked and are now redirecting visitors to adult sites.

The hacked sites belong to either to small firms and or multinational corporations, all using different technology stacks and hosting, making it difficult to spot a common attack vector. One of the few “common denominators” is that most of the compromised resources are hosted in China or in another country, but are targeted at Chinese users.

Attackers inject malicious JavaScript into hacked sites, often connecting to the target web server using real FTP credentials. And how exactly the attackers get them, the experts failed to find out.

The report also notes that URLs hosting malicious JavaScript are restricted to specific geofences so that the code only runs in a number of East Asian countries.

In addition, experts have found signs that this campaign is also aimed at Android. In such cases, the redirect script takes visitors to gambling sites that call for installing a special application (APK com.tyc9n1999co.coandroid).

What kind of group is behind these attacks, and what goals it pursues, is still unclear until the end. A notable aspect of these attacks is the absence of phishing, web skimming, or malware. One theory says that the purpose of hackers is ad fraud and SEO manipulation. It’s also possible that it’s about driving non-organic traffic to specific sites.