Monday, May 19, 2025
HomeCyber AttackMassive Hacking Campaign Targets Wordpress Websites to Steal Database Credentials

Massive Hacking Campaign Targets WordPress Websites to Steal Database Credentials

Published on

SIEM as a Service

Follow Us on Google News

Cybercriminals launched more than 130 million attacks aiming to harvest database credentials from 1.3 million WordPress sites.

In this massive attack campaign, cybercriminals used several plugin and theme vulnerabilities across the WordPress ecosystem.

Security researchers from Wordfence observed the attack, the peak of the attack occurred on May 30, 2020.

- Advertisement - Google News

Campaign Linked to Previous

Researchers were able to link the campaign with the same threat actor who previously targeting XSS vulnerabilities at a similar scale.

The previous campaign was conducted from 20,000 different IP addresses and the new campaign also using the same IP address.

All the attack targets older vulnerabilities in outdated plugins or themes that let attackers to download files or to export.

With this campaign the threat actor attempting to download wp-config.php file, which is the core that contains the website’s base configuration details, such as database-connection information.

The previous campaign targeted only XSS vulnerabilities whereas the new campaign targets number in outdated plugins or themes. But researchers believe both the attacks carried out by the same threat actor.

By downloading the file attackers can download database credentials and connection information that lets attackers gain access to the site’s database.

The database is the place where all the site contents such as usernames, passwords, posts, pages, and comments, even the website theme, and WordPress configuration settings.

If your website infected by this campaign you can find the entries “containing wp-config.php in the query string that returned a 200 response code,” reads Wordfence blog.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Hackers Exploit RVTools to Deploy Bumblebee Malware on Windows Systems

A reliable VMware environment reporting tool, RVTools, was momentarily infiltrated earlier this week on...

Confluence Servers Under Attack: Hackers Leverage Vulnerability for RDP Access and Remote Code Execution

Threat actors exploited a known vulnerability, CVE-2023-22527, a template injection flaw in Atlassian Confluence...

New ModiLoader Malware Campaign Targets Windows PCs, Harvesting User Credentials

AhnLab Security Intelligence Center (ASEC) has recently uncovered a malicious campaign distributing ModiLoader (also...

Health Care Data Breach Costs BreachForums Admin $700,000 Fine

Conor Brian Fitzpatrick, the 22-year-old former administrator of cybercrime forum Breachforums, will forfeit approximately...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Hackers Exploit RVTools to Deploy Bumblebee Malware on Windows Systems

A reliable VMware environment reporting tool, RVTools, was momentarily infiltrated earlier this week on...

Confluence Servers Under Attack: Hackers Leverage Vulnerability for RDP Access and Remote Code Execution

Threat actors exploited a known vulnerability, CVE-2023-22527, a template injection flaw in Atlassian Confluence...

New ModiLoader Malware Campaign Targets Windows PCs, Harvesting User Credentials

AhnLab Security Intelligence Center (ASEC) has recently uncovered a malicious campaign distributing ModiLoader (also...