> has anyone got any source where someone has been victim of such attacks?
Yes, the most well-known victim was GitHub. A malicious MITM injected JavaScript code into an unrelated non-HTTPS page, making browsers which visited that page do a DDoS attack against GitHub. Quoting https://arstechnica.com/information-technology/2015/04/meet-... "[...] The junk traffic came from computers of everyday people who browsed to websites that use analytics software from Chinese search engine Baidu to track visitor statistics. About one or two percent of the visits from people outside China had malicious code inserted into their traffic that caused their computers to repeatedly load the two targeted GitHub pages. [...]"
Yes, the most well-known victim was GitHub. A malicious MITM injected JavaScript code into an unrelated non-HTTPS page, making browsers which visited that page do a DDoS attack against GitHub. Quoting https://arstechnica.com/information-technology/2015/04/meet-... "[...] The junk traffic came from computers of everyday people who browsed to websites that use analytics software from Chinese search engine Baidu to track visitor statistics. About one or two percent of the visits from people outside China had malicious code inserted into their traffic that caused their computers to repeatedly load the two targeted GitHub pages. [...]"