Attackers know their own potential and they know government sites must be most of the time online. Those sites are known for having a decent amount of traffic and their protection barriers are not the best.

More than 4,000 (~4,200) government agency sites were infected with malicious code that allowed them to mine crypto currencies.

The attack vector and images:

How come criminals attacked more than 4000 sites? They did not do it. They attacked the one site that they all load content from. In this case, Text Help software.

They use a software called: Browsealoud, which allows reading out web pages for people with vision disabilities. This tool was the thread vector for the attacks. There were several versions of this software on the internet that ware already corrupted or compromised.

This is called cryptojacking, this attack forces a user’s computer to mine cryptocurrency without their permission, generating profits for the hacker. The aim with the infected update was to insert malicious code that allow mine Monero on user computers that visited the infected sites.

Texthelp, Browsealoud developer, is working already with the government agencies to solve the problem.