Watering hole
A watering hole attack is a security exploit in which the attacker seeks to compromise a specific group of end users by infecting websites that members of the group are known to visit. The goal is to infect a targeted user’s computer and gain access to the network at the target’s place of employment.
Types
- Java exploits
- Flash exploits
- Internet Explorer (IE)
- JAR
- HTML
Malware/Threat actors
Name | Type | Years | Source |
---|---|---|---|
Operation Dust Storm | threat actor | 2010-2015 | Op_Dust_Storm_Report.pdf |
ZooPark | threat actor | 2015-2017 | ZooPark_for_public_final_edit.pdf |
Operation Cleaver | threat actor | 2012-2013 | Cylance_Operation_Cleaver_Report.pdf, stamp.jsp?tp=&arnumber=7460498&tag=1 |
Epic Turla | threat actor | < Known years active > | The_Epic_Turla_Operation.pdf, KL_Epic_Turla_Technical_Appendix_20140806.pdf, ICIT-Brief-Know-Your-Enemies-2.0.pdf, Turla_2_Penquin.pdf |
Energetic Bear | threat actor | 2010-2014 | EB-YetiJuly2014-Public.pdf |
APT38 | threat actor | 2014-2018 | rpt-apt38-2018-web_v4.pdf |
Careto | threat actor | 2008-2014 | unveilingthemask_v1.0.pdf |
Wild Neutron | threat actor | 2013-2015 | WildNeutron_Economic_espionage.pdf, ICIT-Brief-Know-Your-Enemies-2.0.pdf |
Preventions
- Keep all commonly used software and operating systems patched and updated to the latest versions
- Routinely inspect all popular websites that employees visit for malware
- Configure browsers or other tools to use website reputation services to notify users of known bad websites
Detections
- Collect user-agents and alert on old versions of Flash and IE
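
One way to implement this detection over web proxy logs, as an added example that is not part of the original page. The tab-separated log layout, the version thresholds and the sample lines are assumptions; because the Flash version is not carried in the User-Agent string, the sketch reads it from the `x-flash-version` request header that Flash Player sent, assumed here to be logged as the fifth column.

```python
import re

# Assumed policy thresholds (not from the page): tune to your patch baseline.
MIN_IE_MAJOR = 11
MIN_FLASH = (32, 0, 0, 0)

MSIE_RE = re.compile(r"\bMSIE (\d+)\.")
TRIDENT_RE = re.compile(r"\bTrident/(\d+)\.")

def ie_major(user_agent):
    """Return the real IE major version, or None if the UA is not IE."""
    trident = TRIDENT_RE.search(user_agent)
    if trident:
        # Compatibility View sends "MSIE 7.0" but keeps the real Trident token.
        return int(trident.group(1)) + 4  # Trident/4.0 = IE8 ... Trident/7.0 = IE11
    msie = MSIE_RE.search(user_agent)
    return int(msie.group(1)) if msie else None

def flash_version(header):
    """Parse an x-flash-version value such as '11,2,202,235'; None if absent."""
    parts = re.findall(r"\d+", header or "")
    return tuple(int(p) for p in parts[:4]) if len(parts) >= 4 else None

def find_outdated_clients(log_lines):
    """Return (client_ip, reason) for every request below the thresholds."""
    alerts = []
    for line in log_lines:
        fields = line.rstrip("\n").split("\t")
        if len(fields) < 5:
            continue  # skip malformed lines
        _ts, client, _host, ua, flash_hdr = fields[:5]
        ie = ie_major(ua)
        if ie is not None and ie < MIN_IE_MAJOR:
            alerts.append((client, f"IE {ie}"))
        flash = flash_version(flash_hdr)
        if flash is not None and flash < MIN_FLASH:
            alerts.append((client, "Flash " + ".".join(map(str, flash))))
    return alerts

# Constructed sample log: time, client, host, User-Agent, x-flash-version
SAMPLE_LOG = [
    "2024-01-01T09:00:00Z\t10.0.0.5\tnews.example\tMozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)\t-",
    "2024-01-01T09:00:05Z\t10.0.0.6\tnews.example\tMozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0)\t-",
    "2024-01-01T09:00:09Z\t10.0.0.7\tnews.example\tMozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0\t11,2,202,235",
    "2024-01-01T09:00:12Z\t10.0.0.8\tnews.example\tMozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\t32,0,0,465",
    "2024-01-01T09:00:15Z\t10.0.0.9\tnews.example\tMozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\t-",
]

if __name__ == "__main__":
    print(find_outdated_clients(SAMPLE_LOG))
```

The second sample line is IE 11 in Compatibility View: matching on the `MSIE` token alone would flag it as IE 7, which is why the Trident token is checked first.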