Case Overview
Watering hole is an attack strategy in which an attacker guesses or observes which websites an organization often uses and infects one or more of them with malware. Eventually, some member of the targeted group will become infected [1].
July 2012: several high-profile institutions in the financial and technology sectors were victimized by a watering hole attack.
Layout
Step 1. Stake out watering hole
Insert an iframe that redirects users to a 0-day malware download (Trojan Gh0st RAT).
Step 2. Catch the visiting gazelles
People use their corporate laptops and get infected.
Step 3. C&C
The malware talks to its C&C and exfiltrates data to one of two servers in China. The infected machine becomes a new launch point for the attack; the attackers then hunt privileged users to gain access to sensitive data.
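The three steps above start with an injected iframe on a site the targets trust, so the first place a defender can catch this chain is in the served HTML itself. The following scanner is an added example written for this page, not code from the case or from any of the affected organizations: it parses a page with the standard-library HTML parser and flags iframes that are both hidden (zero-size, `display:none`, `visibility:hidden`, or positioned off-screen) and point to a host other than the page's own. The sample HTML and the hostnames in it are constructed placeholders; the hostname comparison is deliberately simple (a subdomain of the same site counts as off-site), which is the conservative choice for a review queue.

```python
"""
Added example (not part of the original case write-up): flag hidden,
off-site <iframe> elements of the kind injected into a watering hole page.
Standard library only; run with:  python3 iframe_scan.py
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page: one legitimate, visible iframe on the site's own
# host and one injected, hidden iframe pointing off-site. The hostnames are
# placeholders, not indicators taken from the case.
SAMPLE_HTML = """
<html><body>
<h1>Industry news</h1>
<iframe src="https://www.example.org/widgets/ticker" width="300" height="80"></iframe>
<p>Quarterly report.</p>
<iframe src="http://redirect-placeholder.invalid/x.html" width="0" height="0"
        style="display:none"></iframe>
</body></html>
"""

# CSS fragments commonly used to keep an element from rendering on screen.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|(?:left|top)\s*:\s*-\d+",
    re.IGNORECASE,
)


def _is_zero(value):
    """True for width/height values of 0 or 1 (px or %); False if unparsable."""
    try:
        return float(str(value).rstrip("px%")) <= 1
    except ValueError:
        return False


class IframeCollector(HTMLParser):
    """Collect the attribute dict of every <iframe> start tag in a page."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            # HTMLParser lower-cases attribute names for us.
            self.iframes.append(dict(attrs))


def hidden_reasons(attrs):
    """Return the list of reasons an iframe would be invisible to the visitor."""
    reasons = []
    if _is_zero(attrs.get("width", "")) or _is_zero(attrs.get("height", "")):
        reasons.append("zero-size")
    if HIDDEN_STYLE.search(attrs.get("style") or ""):
        reasons.append("hidden-style")
    return reasons


def scan_iframes(html, page_url):
    """Return [{"src": ..., "reasons": [...]}] for each hidden, off-site iframe.

    An iframe is reported only when both conditions hold: it loads a host that
    differs from the page's own host, and it is hidden from the visitor.
    Relative sources (no host) are treated as same-site and never reported.
    """
    page_host = urlparse(page_url).hostname
    parser = IframeCollector()
    parser.feed(html)
    findings = []
    for attrs in parser.iframes:
        src = attrs.get("src") or ""
        src_host = urlparse(src).hostname
        off_site = bool(src_host) and src_host != page_host
        reasons = hidden_reasons(attrs)
        if off_site and reasons:
            findings.append({"src": src, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in scan_iframes(SAMPLE_HTML, "https://www.example.org/news"):
        print("suspicious iframe:", finding["src"], ",".join(finding["reasons"]))
```

Running it against the constructed sample reports only the zero-size, `display:none` frame pointing at the placeholder host; the visible on-site ticker is left alone. In practice this check runs over a crawl of your own site's rendered output (or a web proxy's cached copies), and any hit is a change that the content owners did not make.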
Lessons Learned
References
[1] Wikipedia, Watering Hole