Nasty botnet is attacking some of your favorite websites

Every day, the world is under constant threat of cyberattacks. Data breaches, spam emails, identity theft – there are probably millions of attacks going off at any given minute.

Obviously, some are worse than others. Certain attacks can be devastating, depending on the hackers’ endgame.

With enough digital firepower, hackers could take down power grids, water utilities, communication networks and more in multiple cities around the world. Now, a major botnet has been found that could be building an army of computers to do just that.

What are these hackers up to?

Security researchers at Defiant recently discovered a botnet that contains at least 20,000 websites that use WordPress for publishing. And the impacted sites are being used to infect other WordPress sites and make them part of the botnet.

Note: A botnet is a group of gadgets that hackers have taken over without the owner’s knowledge. The hackers seize control of unwitting gadgets with a virus or malware and then use the network of infected computers to perform large-scale hacks or scams.

The hackers are using four command-and-control servers and more than 14,000 proxy servers that are located in, get this, Russia. They are doing this to hide their identity while carrying out brute-force attacks on unsuspecting websites.

[Diagram illustrating the attack chain]

The question is, what are these hackers up to? It appears, at the moment, they are just building a botnet army.

They could be waiting until they’ve compromised enough websites to carry out a major cyberattack on a country’s infrastructure. The impact of an all-out infrastructure cyberattack can be absolutely crippling to a target state.

The consequences of a complete infrastructure shutdown can be utterly devastating. If terrorist hacking groups attack and manage to get operational access to critical civilian infrastructures like our electrical power grid, water utilities, the internet and communication networks, it could take weeks before these services can be restored.

Almost 3 years ago, Russia dropped a cyber-bomb on Ukraine, hacking energy companies and wiping out power to hundreds of thousands. Government security agents say that was just the beginning. A test of sorts for possibly a much bigger plan.

Listen to this free Komando on Demand podcast as Kim takes you through the history of cyber warfare and shares things you should be doing now to prepare for a possible cyberattack.
