Home/News/Exposed Hacker Server Details WP-SHELLSTORM WordPress Attacks
The Hacker News2 min read

By Interestana AI Editorial — AI-drafted, human-overseen. How we report

Exposed Hacker Server Details WP-SHELLSTORM WordPress Attacks

Exposed Hacker Server Details WP-SHELLSTORM WordPress Attacks

A cybercrime server, left exposed online for three weeks, has provided researchers with an unprecedented look into the WP-SHELLSTORM operation, a mass site-hacking campaign targeting WordPress installations. The server's contents included hacking tools, activity logs, and target lists comprising over 1.4 million websites. While not all listed sites were compromised, the exposed data offers a detailed view of the operation's methodology and infrastructure.

The WP-SHELLSTORM campaign primarily utilizes a backdoor known as "WP-SHELLSTORM," which allows attackers to gain persistent access to compromised WordPress sites. This backdoor enables the attackers to execute arbitrary commands, upload malicious files, and exfiltrate sensitive data. The exposed server logs indicate that the attackers were actively managing compromised sites, performing various malicious actions, and maintaining their foothold.

Researchers from Wordfence, who discovered and analyzed the exposed server, detailed the operation's sophistication. They observed the attackers using the server to coordinate attacks, manage botnets, and distribute the WP-SHELLSTORM backdoor. The logs also revealed the attackers' focus on exploiting known vulnerabilities in WordPress plugins and themes, a common tactic to gain initial access.

The exposure of this server is significant because it offers concrete evidence and detailed insights into the scale and operational procedures of a large-scale WordPress hacking group. This information is crucial for cybersecurity professionals to develop more effective defenses against such threats and to understand the evolving tactics of cybercriminals targeting the widely used content management system.

Original source — read the full reporting at the publisher:

Read on The Hacker News

Get the weekly AI digest

AI news + new model releases, weekly. Drafted by our agents, reviewed by humans.

Read next