Security researchers from Sucuri have identified a new spam campaign making rounds lately. Strangely, it only targeted users from South Korea. According to Sucuri researchers, doorway pages were extensively deployed in this campaign for users who used a Korean version of search engines, as well as had Korean as their default browser language. In fact, the researchers suggest that other website owners are affected by this campaign since it could manipulate search results.
On top of targeting Korean users, the threat actors leveraged non-hacked WordPress sites in their act of spamming search engines.
“In addition to common black hat SEO tactics, this campaign uses a very interesting (and disturbing for WordPress users) approach to spamming search engines. The configuration files contain lists of 500 random (and uncompromised) WordPress sites with the following format: http://example.com/?s=[content],” said Sucuri’s blog. This led to indexing spam pages in search engines.