Security researchers from Imperva have tracked and analyzed a highly sophisticated botnet which they believe to be responsible for infecting hundreds of thousands of websites by attacking their content management system (CMS) platforms.

The botnet, named KashmirBlack, has been in operation since November of last year and, while it started out small, it has now evolved into a sophisticated operation capable of attacking thousands of sites each day.

In its two-part blog series titled “CrimeOps of the KashmirBlack Botnet”, Imperva’s researchers explained that the botnet’s main purpose is to infect websites in order to use their servers to mine cryptocurrency, redirect legitimate web traffic to spam pages and display web defacements.

The operators of KashmirBlack target known vulnerabilities to take over sites running a wide variety of popular CMS platforms including WordPress, Joomla!, PrestaShop, Magento, Drupal, vBulletin, osCommerce, OpenCart and Yeager.

Imperva’s Ofir Shaty and Sarit Yerushalmi provided further insight on KashmirBlack’s capabilities in a blog post, saying:

“The KashmirBlack botnet mainly infects popular CMS platforms. It utilizes dozens of known vulnerabilities on its victims’ servers, performing millions of attacks per day on average, on thousands of victims in more than 30 different countries around the world. It has a complex operation managed by one C&C (Command and Control) server and uses more than 60 – mostly innocent surrogate – servers as part of its infrastructure. It handles hundreds of bots, each communicating with the C&C to receive new targets, perform brute force attacks, install backdoors, and expand the size of the botnet.”

In order to expand the size of its botnet, KashmirBlack scans the internet searching for sites with outdated software. When it finds one, its operators use exploits for known vulnerabilities to infect both the vulnerable site and its underlying server.

Since its creation in November of last year, the botnet has abused 16 vulnerabilities in Joomla!, Magento, Yeager, WordPress, vBulletin and other CMS software, according to Imperva. The security firm’s researchers believe that a hacker who goes by the handle Exect1337, a member of the Indonesian hacking group PhantomGhost, is the person behind KashmirBlack.
