Security vendors have recently found that thousands to tens of thousands of websites have been taken over by attackers using legitimate FTP credentials and other methods, and then used to steal data from hundreds of thousands of users or to redirect visitors to adult websites. Security vendor Wiz found that, since September last year, tens of thousands of websites aimed at Chinese users have been compromised and hijacked by unknown attack groups, with data-stealing code implanted in their user-facing web pages. The attack is still ongoing. Researchers first discovered that attackers had hijacked multiple web services hosted on Azure services in East Asia, which they suspect is part of a larger attack. The attacker accessed these services through an FTP endpoint dedicated to managing Web Apps, connecting from a static IP with legitimate FTP credentials, and added a line with a JavaScript tag referencing a remote web host to the original HTML code. Some of these maliciously modified web pages also redirect visitors to adult websites. The researchers judged that these legitimate FTP login credentials had probably been leaked earlier and obtained by the attackers.
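Because the modification described above is a single script tag pointing at a remote host, one defensive check is to scan served HTML for script sources outside an expected set of hosts. The following is an added example, not code from Wiz or from the report; the allowlist, the host names and the sample page are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts this site is expected to load scripts from (assumed allowlist).
ALLOWED_HOSTS = {"www.example.com", "cdn.example.com"}


class ScriptSrcCollector(HTMLParser):
    """Collect (line number, src) for every <script src=...> tag."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append((self.getpos()[0], src.strip()))


def foreign_scripts(html, allowed_hosts=ALLOWED_HOSTS):
    """Return (line, host, src) for scripts loaded from hosts not in the allowlist."""
    collector = ScriptSrcCollector()
    collector.feed(html)
    collector.close()
    findings = []
    for line, src in collector.sources:
        host = urlparse(src).hostname  # None for relative paths such as /static/app.js
        if host and host not in allowed_hosts:
            findings.append((line, host, src))
    return findings


# Constructed sample: a page with one extra script tag added after </body>.
SAMPLE_PAGE = """<!DOCTYPE html>
<html>
<head>
<script src="/static/app.js"></script>
<script src="https://cdn.example.com/lib.js"></script>
</head>
<body><p>Welcome</p></body>
<script src="//injected.example.net/a.js"></script>
</html>
"""

if __name__ == "__main__":
    for line, host, src in foreign_scripts(SAMPLE_PAGE):
        print(f"line {line}: script from unexpected host {host} ({src})")
```

Running the same check against a known-good copy of the site gives a baseline, so that any new host appearing in the deployed files stands out.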
