US Postal Service is the latest victim of the so-called “Blackhole” toolkit. The toolkit is easy to use and provides obfuscation features that help it evade antivirus detection. Blackhole is the most popular toolkit among website attackers, Symantec says. The attack begins by exploiting an injection flaw on the website, usually SQL injection, and sticking iFrames on the page. It then places encoded JavaScript somewhere at the bottom of the page, for instance, and redirects him to the Blackhole exploit kit server.”]
Source: https://www.darkreading.com/attacks-breaches/us-postal-service-website-hit-with-blackhole-exploit