Yesterday we published a report on a curious website hijacking campaign we've been investigating over the past few months. We initially found that several web applications, operated by a few different companies and all hosted in China, had been compromised around the same time by the same actor.
These apps were all using strong FTPS creds, but the attacker was somehow able to get these passwords and use them to log in and modify pages to redirect users to adult websites.
As we kept digging, we discovered thousands of compromised websites across many different hosting providers, but we're still not sure how this is happening. Check out the report for more details.
