VERY IMPORTANT

Prevailion’s Tailored Intelligence team has followed an active supply chain attack that has been ongoing since late 2017, we named this campaign “PHPs Labyrinth.” In this operation, threat actors have been able to surreptitiously install malicious files into a large number of Premium WordPress Themes and Plugins. We assess that the responsible party chose to target WordPress as it makes up 60% of all Content Management systems, and 34% of all websites on the internet. WordPress themes and plugins allow the average person to quickly and easily create a website through “drag and drop” features, rather than coding an entire website themselves.