Researchers report indicating that over 1.3 million sites were part of an attack campaign that generated over 130 million attempts to harvest credentials for WordPress databases. This campaign represented over seventy-five percent of all attempted exploits against WordPress systems for the days specified (May 29 through May 31). Researchers indicated those carrying out this campaign were probably the same as those who’d carried out a previous campaign attempting to exploit XSS vulnerabilities. The previous XSS campaign utilized over twenty thousand different IP addresses in its attack. These IPs were also used in the current campaign. The target of this campaign was the file wp-config.php, which contains database credentials as well as connection information, authentication unique keys, and salts. With this information, an attacker could gain full control over the site’s database.
Block all threat indicators at your respective controls.
Search for IOCs in your respective environments.