The hackers who were involved in the attack were attempting to download a specific file named as wp-config.php from WordPress websites as they contain crucial information like database credentials, connection info, authentication unique keys, salts, and much more.
Hackers Target Millions of WordPress Websites in a Major Cyber Attack
They sought to exploit vulnerabilities in WordPress plugins and themes like the cross-site scripting (XSS). This was done to gain access to credentials and eventually take over those websites completely. However, QA engineer and threat analyst Ram Galin stated in a blog post that how the attackers failed to gain access because of the reliable Wordfence Firewall. Between May 29 and May 31, 2020, the Wordfence Firewall blocked over 130 million attacks assigned to harvest database credentials from over 1.3 million websites by downloading their configuration files. The peak of this cyber attack campaign happened on May 30, 2020. At this point, attacks from this campaign accounted for 75 per cent of all attempted exploits of plugin and theme vulnerabilities across the WordPress ecosystem. Security researchers at WordFence were able to connect this attack to a prior one where hackers with 20,000 different IPs attempted to install backdoors and redirect users to malicious sites. They were able to launch nearly 20 million attacks on millions of websites. As with each other hacking case, WordPress site owners can defend their platforms by keeping their plugins and themes up to date by using the latest patches released by the makers. Antiquated themes and plugins should also be eliminated for the cause of security as they are no longer maintained. Check out? Microsoft is Ready to Pay $100,000 to Anyone Who Can Hack its Azure Sphere OS