Watering Hole Attack

A watering hole attack targets a specific group of users by compromising a website they frequently visit. Instead of attacking the targets directly, the attacker identifies websites commonly used by the target group, compromises those sites, and plants malware that infects visitors. The name comes from predators waiting at watering holes where prey gathers.

Watering hole attacks are particularly effective against well-defended organizations because the malware comes from a trusted source — a website the user visits regularly for work. Defense industry forums, professional association websites, and sector-specific resources can all be targeted.