Romanian Cyber Security Journal / Spring 2022, No. 1, Vol. 4

Malicious Strategy: Watering Hole Attacks

Mihai APOSTOL, Bogdan PALINIUC, Rareș MORAR, Florin VIDU

---

Abstract

A recent attack strategy named watering hole attack has evolved in the past years, a combination of different techniques which are aimed at companies network by infecting websites which are frequently accesed by its employees. This paper aims to bring a better understanding and awareness of this type of attack. A case study is included in this research and also an analysis of Earth Lusca, a criminal organization whose strategy is concentrated on watering hole attacks.

Keywords

Holy Water Attack, Cross Site Scripting, File Upload, Earth Lusca, Watering-Hole