Watering Hole Attack

Also known as: Strategic web compromise

Definition

A targeted attack that compromises a website frequently visited by a specific group of users in order to infect them when they browse it.

In a watering hole attack, the attacker first profiles the victim community — employees of a target organization, government workers, members of a niche industry — and identifies websites they trust and visit often. The attacker then compromises one of those sites or injects malicious code into a third-party resource it loads, so that visitors are silently exploited by drive-by downloads, fingerprinted, or redirected to credential phishing pages. Targets are often filtered by IP range, user agent, or geography to keep the campaign stealthy. Defences include patching browsers and plugins, EDR, application allowlisting, web filtering, content security policies and strict separation between personal browsing and high-value workstations.
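One way to check the content security policy defence named above, as an added example that is not part of the original glossary entry: it audits a site's policy against the scripts a captured page actually loads and reports any script origin the policy would not permit. The URLs, HTML and function names are constructed, and source matching is simplified to exact origins, 'self' and the broad sources *, https: and http: (no nonces, hashes, paths or wildcard hosts).

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class ScriptCollector(HTMLParser):  # collects the src of every external <script>
    def __init__(self):
        super().__init__()
        self.sources = []
    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            self.sources.append(src)

def parse_csp(header):
    """Map each directive to its source list; the first duplicate wins, as in CSP."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def audit(page_url, html, csp_header):
    """Return findings: weak script sources, then scripts the policy would block."""
    policy = parse_csp(csp_header)
    allowed = policy.get("script-src", policy.get("default-src"))
    if allowed is None:
        return ["no script-src or default-src: scripts may load from any origin"]
    weak = [s for s in ("'unsafe-inline'", "*", "https:", "http:") if s in allowed]
    findings = [f"script policy allows {s}" for s in weak]
    if any(s != "'unsafe-inline'" for s in weak):
        return findings  # a broad source matches every host; no per-script check
    page = urlsplit(page_url)
    self_origin = f"{page.scheme}://{page.netloc}"
    collector = ScriptCollector()
    collector.feed(html)
    for src in collector.sources:
        url = urlsplit(src)
        # Relative and protocol-relative URLs inherit scheme or origin from the page.
        origin = f"{url.scheme or page.scheme}://{url.netloc}" if url.netloc else self_origin
        if origin not in allowed and not (origin == self_origin and "'self'" in allowed):
            findings.append(f"script from {origin} is outside the allowlist")
    return findings

# Constructed sample: a trusted page carrying one unexpected third-party script.
PAGE_URL = "https://trade-assoc.example/news"
PAGE_HTML = ('<script src="/js/site.js"></script>'
             '<script src="https://cdn.example/lib.js"></script>'
             '<script src="//stats-collector.example/t.js"></script>')
STRICT = "default-src 'self'; script-src 'self' https://cdn.example"
```

Calling `audit(PAGE_URL, PAGE_HTML, STRICT)` flags only the script from the unlisted origin, which is the same signal a browser enforcing the policy would raise as a violation.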

Examples

  • Attackers compromise an industry trade-association website used by employees of multiple defence contractors.
  • Malicious JavaScript on a popular developer forum delivers exploits to visitors from a single targeted company.

Related terms