Sophisticated Watering Hole Attack

2021-01-20 12:00

Some of the exploits were zero-days, meaning they targeted vulnerabilities that at the time were unknown to Google, Microsoft, and most outside researchers.

The hackers delivered the exploits through watering-hole attacks, which compromise sites frequented by the targets of interest and lace the sites with code that installs malware on visitors' devices.

The boobytrapped sites made use of two exploit servers, one for Windows users and the other for users of Android.

Combined with the robustness of the attack code - which chained together multiple exploits in an efficient manner - the campaign demonstrates it was carried out by a "Highly sophisticated actor."

The modularity of the payloads, the interchangeable exploit chains, and the logging, targeting, and maturity of the operation also set the campaign apart, the researcher said.

No attribution was made, but the list of countries likely to be behind this isn't very large.

News URL

https://www.schneier.com/blog/archives/2021/01/sophisticated-watering-hole-attack.html

#attack