‘Watering hole’ attackers hunt from Reporters without Borders

  • Liam Tung (CSO Online)
  • — 23 January, 2013 14:33

The same Internet Explorer 8 flaw that hackers exploited as a zero-day in attacks on a US think tank website last year is now being used in attacks on visitors to human rights websites.

The website of NGO ‘Reporters without Borders’ is the latest launchpad for a so-called ‘watering hole attack’, a type of attack that has hit numerous human rights websites in the past weeks, Avast security researcher Jindrich Kubec wrote in a post Tuesday.

Hackers create a watering hole by injecting into a website malicious code that redirects visitors to an exploit page designed to infect the target with malware. It’s the same method used in a typical drive-by download attack on random visitors, except the watering hole has been selected for the audience it attracts.

While recent watering hole attacks have relied on exclusive zero day flaws to compromise target systems, this one uses a recently patched IE flaw and two patched Java flaws to infect victims, wrote Kubec.

“They act as opportunists and try to take advantage of the time frame between the patch release and the patch application of some users, companies and non-governmental organizations,” he noted.

Features of the attack kit on Reporters without Borders’ website mean it’s likely to have been rigged by the same group behind recent attacks on Tibetan and Uygur human rights websites and political parties in Hong Kong and Taiwan, according to Kubec.

“In our opinion the finger could be safely pointed to China (again),” wrote Kubec.

Ahead of Christmas last year, Chinese hackers were suspected of planting a watering hole that used a zero day flaw to net victims who visited the website of foreign policy think tank the Council on Foreign Relations.

The attack only served an exploit to browsers that run on operating systems using US English, Chinese, Taiwanese Chinese, Russian, Japanese or Korean, according to security firm FireEye. http://blog.fireeye.com/research/2012/12/council-foreign-relations-water-hole-attack-details.html

Symantec noted at the time that the attack would have demanded skills and resources outside most hackers' capabilities.
