Wordfence: 5 reasons why nobody’s website is safe from cyber attacks
Why do insignificant websites suffer multiple cyber attacks? Wordfence answers this question on its blog. Cybercriminals target a collection of resources that they can steal or exploit, and their principal aim is to make money. So they look for any tool or advantage available to reach that goal. The five most common are: the server hosting the target, the reputation of the site, the data it holds, its incoming traffic and its importance to the victim.
Cybercrime can turn insignificant sites into gold mines, thanks to cryptocurrency-generating programs, and use their reputation for its own purposes
On the first point, insignificant websites can be turned into gold mines thanks to the many programs for generating cryptocurrencies. Last December, WordPress sites suffered a massive cryptomining campaign whose purpose was to create Monero. On the second, because the target site is considered legitimate, Google assumes that its contents, outbound links included, are also legitimate. So malicious hackers who compromise it can insert SEO spam or phishing pages without being detected by services like Google Safe Browsing. Furthermore, cybercrime can send spam email, attack other sites or host malware using a victim’s “clean” site.
Malicious hackers are interested in earning profits: stealing credentials and sensitive data, taking advantage of site traffic (politically too), and using ransomware/malware
The third point is the data held on the victim’s site. This applies not only if the target accepts credit cards, but also if the site contains forms. Credentials and sensitive data are always valuable loot. Fourth, cybercrime can use a victim’s site traffic to earn profits: first with malicious redirects (usually to spam sites, pop-ups, plug-ins or other sites); then with defacements, to maximize the dissemination of a message, ordinarily political but not only; and finally by planting malware to spread it, taking advantage of the high traffic. The fifth and last point is the importance of the website to the victim. Especially with personal pages, the content is very important to the owner. So, for cyber aggressors, injecting ransomware into it could be a good way to earn money quickly and easily.