Threat actors are compromising WordPress sites to insert a malicious script that uses visitors’ browsers to perform distributed denial-of-service attacks on Ukrainian websites.