29 April 2022

Ukraine hit with DDoS attacks from compromised WordPress websites



Ukraine’s computer emergency response team (CERT-UA) has warned of ongoing DDoS (distributed denial of service) attacks targeting pro-Ukraine websites and the government portal.

To conduct the attacks, the threat actors behind this campaign are leveraging compromised websites, most of which run the WordPress CMS. These hacked websites contain malicious JavaScript code, tracked as BrownFlood, which generates malicious traffic to a list of URLs included in the code.

“To detect abnormal activity similar to that mentioned in the log files of the web server, you should pay attention to the events with the response code 404 and, if they are abnormal, correlate them with the values of the HTTP header "Referer", which will contain the address of the web resource that initiated a request,” the CERT-UA explains.
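One way to apply that advice to a web server access log, as an added example that is not CERT-UA's own tooling: it groups 404 responses by the host in the Referer header and reports external referers that account for repeated 404s. The Combined Log Format layout, the `min_hits` threshold, the function name and every sample line (documentation IP ranges and example domains) are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Combined Log Format: host ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"'
)

def referers_behind_404s(lines, own_hosts, min_hits=3):
    """Map each external Referer host to (404 count, distinct client IPs),
    keeping only hosts responsible for at least min_hits 404 responses."""
    hits, clients = Counter(), {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["status"] != "404":
            continue
        host = (urlsplit(m["referer"]).hostname or "").lower()
        if not host or host in own_hosts:
            continue  # no Referer sent, or a broken link on our own site
        hits[host] += 1
        clients.setdefault(host, set()).add(m["ip"])
    return {h: (n, len(clients[h])) for h, n in hits.most_common() if n >= min_hits}

def _line(ip, path, status, referer):
    # Builds one constructed log line; none of these values come from the report.
    return (f'{ip} - - [29/Apr/2022:10:00:00 +0000] "GET {path} HTTP/1.1" '
            f'{status} 153 "{referer}" "Mozilla/5.0"')

SAMPLE_LOG = [
    _line("198.51.100.7", "/x?1", 404, "https://blog.example.net/post"),
    _line("198.51.100.8", "/x?2", 404, "https://blog.example.net/post"),
    _line("203.0.113.9", "/x?3", 404, "https://blog.example.net/"),
    _line("198.51.100.7", "/x?4", 404, "https://blog.example.net/post"),
    _line("203.0.113.20", "/old", 404, "https://www.example.org/index"),  # own site
    _line("203.0.113.21", "/favicon.ico", 404, "-"),                       # no Referer
    _line("203.0.113.22", "/", 200, "https://blog.example.net/post"),      # not a 404
    _line("203.0.113.23", "/typo", 404, "https://forum.example.com/t/1"),  # one-off
]

if __name__ == "__main__":
    report = referers_behind_404s(SAMPLE_LOG, {"www.example.org"})
    for host, (count, ips) in report.items():
        print(f"{host}: {count} x 404 from {ips} distinct client IPs")
```

A referer host that produces many 404s from many unrelated client IPs is the pattern worth escalating; a single 404 from one referer is usually just a stale link.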

The CERT-UA tracks the observed DDoS campaign as UAC-0101. The team said it has notified owners of the compromised websites, their registrars, and hosting providers. It is not clear who may be behind the attacks, but it's possible that they are politically motivated.

Earlier in the week, Microsoft released a report detailing Russian cyber operations in Ukraine, according to which Russian state-backed hackers carried out over 230 cyberattacks against Ukraine.

Cybersecurity Help statement on the critical situation in Ukraine

On February 24, people in many cities and towns across Ukraine woke up to the sounds of explosions and artillery fire, as the Russian Federation launched a full-scale invasion of the country. Such actions are unacceptable; the political ambitions of any man aren’t worth the blood, tears, and destruction of millions of lives. We give our full support to the Ukrainian people in these hard times. No more war! Слава Україні!
