Security News > 2020 > April > Holy Water watering hole attack targets visitors of certain websites with malware
In a report published Tuesday, Kaspersky detailed the behavior of several watering hole websites established through a malware campaign dubbed Holy Water.
To set up a watering hole attack, cybercriminals observe or ascertain which sites are visited by particular groups of people and then compromise those sites with malware.
After learning of the malware attack from Kaspersky, GitHub disabled the repository for the file, which at least stopped the infection aspect of the campaign.
Almost 10 websites have been compromised with at least dozens of implanted hosts, showing that the attackers have established a large but targeted type of watering hole campaign.
"A watering hole is an interesting strategy that delivers results using targeted attacks on specific groups of people," Ivan Kwiatkowski, Kaspersky senior security researcher, said in a press release.
News URL
Related news
- Silver Fox APT Uses Winos 4.0 Malware in Cyber Attacks Against Taiwanese Organizations (source)
- ⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More (source)
- Chinese FamousSparrow hackers deploy upgraded malware in attacks (source)
- Open-source malware doubles, data exfiltration attacks dominate (source)
- Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware (source)
- New TCESB Malware Found in Active Attacks Exploiting ESET Security Scanner (source)
- Multi-Stage Malware Attack Uses .JSE and PowerShell to Deploy Agent Tesla and XLoader (source)
- New Android malware steals your credit cards for NFC relay attacks (source)
- Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery (source)
- SuperCard X Android Malware Enables Contactless ATM and PoS Fraud via NFC Relay Attacks (source)