
Case 2. Watering Hole Attack

Created: 28.11.2018

Case Overview

Watering hole is an attack strategy in which an attacker guesses or observes which websites an organization often uses and infects one or more of them with malware. Eventually, some member of the targeted group will become infected [1].

July, 2012. Several high-profile institutions (financial and tech sectors) were victimized by a watering hole attack.


Step 1. Stake out watering hole

Insert an iframe into the compromised site that redirects visitors to a download of 0-day malware (the Gh0st RAT trojan).

Step 2. Catch the visiting gazelles

People use their corporate laptops and get infected.

Step 3. C&C

The malware talks to its C&C and exfiltrates data to one of two servers located in China. The infected machine becomes a new launch point for the attack: hunt for privileged users to gain access to sensitive data.

Lessons Learned


[1] Wikipedia, Watering Hole