A watering hole attack is a targeted attack technique in which the attacker compromises a legitimate website the victim visits regularly, plants malicious code there and waits. When someone in the target organisation visits the compromised site, malware is downloaded and installed automatically, or the visitor is redirected to an exploit kit that takes advantage of a vulnerability in their browser. The analogy with predators is deliberate: instead of hunting the prey, the attacker contaminates the place the prey goes to drink from and waits for it to arrive on its own. It is one of the favourite vectors of APT groups focused on sectoral espionage because it combines high selectivity (only those who visit the chosen site are affected) with invisibility (the victim receives no suspicious email and does nothing unusual). This piece explains what a watering hole attack is, how it works technically, which public cases have popularised it and how to defend against it.
What a watering hole attack is
A watering hole attack is an indirect, selective attack: instead of sending phishing emails to the target organisation (a noisy, easy-to-detect vector), the attacker picks websites that organisation already visits and compromises them. Those sites are usually sectoral portals, specialised blogs, professional forums, business associations, niche press or online tools the target uses frequently. When a user from the target visits the site (a routine action), they receive the malicious payload without noticing.
The technique has been known since the first decade of the 2000s, but the name "watering hole" became popular in RSA and Symantec reports starting in 2012, with several high-impact public cases. It appears in the MITRE ATT&CK framework as T1189 Drive-by Compromise.
Three ideas to fix the concept:
- It's targeted, not massive. The attacker chooses the site because they know who visits it.
- The victim does nothing unusual. They just open a site they already knew.
- The attacker assumes most visitors aren't of interest. They filter by IP, user agent, language or cookies to deliver the payload only to those they want, leaving the rest with a normal page.
How a watering hole attack works step by step
The operational scheme has five stages appearing in almost every public case.
1. Target reconnaissance
The attacker studies the target organisation: which sites its employees visit, which sectoral portals are the reference sources, which providers everyone shares. They use OSINT (covered in what is OSINT), social media intelligence, analysis of employee traffic exposed through public tools and sometimes prior infiltration to confirm the picture.
2. Watering hole selection
The attacker picks one or several candidate sites. Favourites:
- Sectoral portals (business associations, chambers, professional bodies).
- Government websites specialised in the sector.
- Specialised media the audience reads.
- Common providers: tools, suppliers, platforms many sector members use.
- Blogs of reference figures the victim follows.
3. Site compromise
The attacker exploits a vulnerability of the chosen site (outdated CMS, vulnerable plugin, leaked admin credentials, failure of the provider's own infrastructure) and plants malicious JavaScript that runs on page load.
4. Victim selection and payload delivery
This is the subtle part. The JavaScript doesn't infect everyone. It filters by:
- IP: only devices within the target's range (corporate or its regional ISP).
- Geolocation: visitors from a specific country.
- Browser language: only languages matching the target.
- User agent or browser version: only configurations where the known exploit works.
- Cookies or referrer: only if coming from a certain origin site.
If the victim fits, the code delivers an exploit kit that takes advantage of browser or plugin vulnerabilities to execute code on the machine. If they don't fit, the visitor sees a normal page without knowing the site is compromised.
5. Post-exploitation
With the first entry achieved, the attacker deploys their post-exploitation chain: persistence, privilege escalation, lateral movement, exfiltration. From here it's indistinguishable from any standard APT compromise.
Why it's so effective
Four properties make watering hole a favourite of advanced groups:
- High selectivity. Filters out uninteresting visitors. Reduces forensic footprint and complicates comparative detection between victims.
- No suspicious action by the victim. They don't click on a strange email, don't download an attachment. The awareness surface doesn't apply.
- Environment trust. The compromised site doesn't generate alerts from email filters or URL reputation. It's a site the organisation visits daily without issue.
- Reuse. A compromised site can serve several targets from the same sector simultaneously: the attacker "seeds" once and "harvests" several times.
Notorious public cases
Some documented incidents illustrating the pattern:
- Council on Foreign Relations (2012). Attackers (attributed to a Chinese actor) compromised the CFR website to infect visitors from governments and think tanks. One of the first public cases with the name "watering hole" in headlines.
- U.S. Department of Labor (2013). The department's website served as a watering hole for an IE 0-day exploit (CVE-2013-1347) aimed at visitors with presumed interest in radiological information.
- Polish Financial Supervision Authority (2017). The Polish financial regulator suffered a compromise and its site served as a watering hole to infect bank employees in an operation attributed to the Lazarus group.
- VPNFilter and the like: although better known as a router botnet, several state-actor modules used compromised sites to deliver payloads to specific profiles.
- Operation Holy Water (2019). Watering holes focused on visitors from Southeast Asia, attributed to a group associated with TA428.
- Sectoral community sites repeatedly compromised: guilds, associations, professional forums. They appear in annual reports of several threat intelligence firms almost every year.
The exploit broker market (Zerodium and similar brokers publish price lists for vulnerabilities) and the exploit kits distributed in underground forums have made the technique more accessible: attackers with modest budgets can run watering holes without developing their own exploits.
Differences with phishing and supply chain
The three families get mixed in headlines but are operationally distinct.
Watering hole vs phishing
- Phishing: the attacker sends an email to the victim directly. The victim has to click or execute something.
- Watering hole: the attacker compromises an external site. The victim visits the site as they do every day and gets infected without any suspicious action.
Phishing can be mass or targeted (spear phishing); a watering hole is always targeted. The phishing family is covered in detail in types of phishing.
Watering hole vs supply chain
- Supply chain attack: the attacker compromises a vendor of the victim so the malware spreads through the very product or service the victim consumes (SolarWinds, Codecov, 3CX). Huge reach and difficult containment.
- Watering hole: the attacker compromises a website the victim visits, but not a vendor with a contractual relationship. Smaller reach.
The two share a pattern: compromising a third party to reach the target. In practice, sophisticated attacks combine both.
Watering hole vs malvertising
- Malvertising: the attacker buys advertising in legitimate networks and the advertising carries malicious code. Mass reach, low selectivity.
- Watering hole: the attacker compromises the whole site (or specific parts) and selects visitors.
Malvertising can be a vector for a watering hole: the attacker places ads on sectoral sites to reach the target audience.
Who uses watering holes
Three profiles dominate the public cases.
State APTs
The most documented case. Groups attributed to China, Russia, North Korea and Iran have used watering holes for campaigns of political, military, economic and financial espionage. The technique fits perfectly with months-long campaigns where the attacker can wait for the victim to visit the site.
Advanced high-value cybercrime
Operations against banks, cryptocurrency services and investment platforms, where the payoff justifies the investment of compromising external infrastructure and developing or acquiring exploits.
Sectoral industrial espionage
Compromising sectoral portals to access intellectual property of leading companies in a specific sector (energy, semiconductors, pharma, defence).
How to defend against a watering hole attack
There's no single measure that stops the technique. Effective defence combines several layers.
Technical layer
- Browsers and plugins up to date. Most exploit kits exploit vulnerabilities with a patch available. Keeping Chrome/Edge/Firefox updated and removing legacy plugins (Java, Flash, old PDF readers) closes most of the surface.
- EDR/XDR with behavioural detection. Exploit kits perform post-exploitation actions (payload download, escalation, persistence) that a modern EDR blocks even when the exploit itself is novel.
- Web and DNS filtering. Solutions that evaluate site reputation and content in real time block known watering holes. Cisco Umbrella, Cloudflare Gateway, Zscaler, Microsoft Defender for Cloud Apps.
- Application sandboxing. Modern browsers run isolated processes. Extending it with additional sandboxing on sensitive endpoints (Microsoft Defender Application Guard) reduces the compromise impact.
- Network segmentation. If the endpoint gets compromised, segmentation limits lateral movement.
Intelligence layer
- Sectoral threat intelligence. Feeds and communities that share indicators when an active watering hole is detected. Sectoral ISACs (financial, energy, health) are usually a good source.
- Monitoring of habitual sites. For highly exposed sectors, passively monitoring suspicious changes on the sites the organisation visits most (header changes, injected JavaScript, new redirections) detects watering holes in incubation.
- Outbound traffic analysis. Connections to infrastructure associated with known actors (C2 of identified APTs) reveal the compromise even if the exploit went unnoticed.
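The "monitoring of habitual sites" item above can be implemented as a baseline-and-diff check: record what each habitual site normally loads, then flag new external script hosts, new frame destinations, new redirection targets and the appearance of eval() over long literals. The following is an added example written for this article, not the article's own tooling or any vendor's product. It works on HTML text so it runs offline; in production the page body would come from an HTTP fetch. The sample pages and the hostnames portal.example, stats.example.net and *.example.invalid are constructed placeholders.

```python
"""Baseline-and-diff monitor for injected scripts and new redirections on a habitual site.

Added example for this article; not the article's own tooling or any vendor's product.
It works on HTML text so it runs offline; in production the body would come from an
HTTP fetch. Every page below is constructed for the demonstration, and the hostnames
(portal.example, stats.example.net, *.example.invalid) are placeholders.
"""
import re
from urllib.parse import urlparse

SCRIPT_SRC_RE = re.compile(r'<script[^>]*\ssrc=["\']([^"\']+)["\']', re.I)
INLINE_SCRIPT_RE = re.compile(r'<script(?![^>]*\ssrc=)[^>]*>(.*?)</script>', re.I | re.S)
IFRAME_SRC_RE = re.compile(r'<iframe[^>]*\ssrc=["\']([^"\']+)["\']', re.I)
META_REFRESH_RE = re.compile(r'<meta[^>]*http-equiv=["\']refresh["\'][^>]*url=([^"\'>\s]+)', re.I)
LOCATION_RE = re.compile(r'location(?:\.href)?\s*=\s*["\']([^"\']+)["\']', re.I)
# eval()/unescape() over a long literal: the "eval of long strings" indicator
EVAL_LONG_STRING_RE = re.compile(r'eval\s*\(\s*(?:unescape\s*\(\s*)?["\'][^"\']{200,}["\']', re.I | re.S)


def external_hosts(urls, site_host):
    """Hostnames in `urls` that are neither the site itself nor one of its subdomains."""
    hosts = set()
    for u in urls:
        h = urlparse(u).hostname  # None for relative URLs, which belong to the site
        if h and h != site_host and not h.endswith("." + site_host):
            hosts.add(h.lower())
    return hosts


def profile(html, site_host):
    """Summarise where a page pulls scripts/frames from and where it redirects to."""
    inline = INLINE_SCRIPT_RE.findall(html)
    redirect_urls = set(META_REFRESH_RE.findall(html))
    for body in inline:
        redirect_urls.update(LOCATION_RE.findall(body))
    return {
        "script_hosts": external_hosts(SCRIPT_SRC_RE.findall(html), site_host),
        "frame_hosts": external_hosts(IFRAME_SRC_RE.findall(html), site_host),
        "redirect_hosts": external_hosts(redirect_urls, site_host),
        "eval_long_strings": sum(1 for body in inline if EVAL_LONG_STRING_RE.search(body)),
    }


def diff_against_baseline(baseline, current):
    """Findings that appear in `current` but not in the recorded `baseline` profile."""
    findings = []
    labels = (("script_hosts", "new external script host"),
              ("frame_hosts", "new external frame destination"),
              ("redirect_hosts", "new redirection target"))
    for key, label in labels:
        for host in sorted(current[key] - baseline[key]):
            findings.append(f"{label}: {host}")
    if current["eval_long_strings"] > baseline["eval_long_strings"]:
        findings.append("inline eval() of a long string appeared")
    return findings


# Constructed sample: the page as it looked when the baseline was recorded.
BASELINE_HTML = """<html><head><title>Sector portal</title>
<script src="/assets/app.js"></script>
<script src="https://static.portal.example/ui.js"></script>
<script src="https://stats.example.net/t.js"></script>
</head><body><h1>News</h1><script>var page = "home";</script></body></html>"""

# Constructed sample: the same page after an injection of the kind the article describes.
COMPROMISED_HTML = BASELINE_HTML.replace("</body>", (
    '<script src="https://sc.example.invalid/jq.min.js"></script>'
    '<iframe src="https://fr.example.invalid/x" width="0" height="0"></iframe>'
    '<script>eval(unescape("' + "%6a%73" * 60 + '"));</script>'
    '<script>if (navigator.language.indexOf("pl") === 0) {'
    ' window.location.href = "https://kit.example.invalid/gate"; }</script></body>'))

if __name__ == "__main__":
    base = profile(BASELINE_HTML, "portal.example")
    for finding in diff_against_baseline(base, profile(COMPROMISED_HTML, "portal.example")):
        print("ALERT:", finding)
```

Two practical notes. Because the injected code filters visitors (step 4 above), a fetch made from a scanner outside the target's IP range, language or browser profile may receive the clean page; the check is only meaningful when the fetch comes from the organisation's own egress with a realistic browser profile. The static inspection of inline scripts partly compensates for this, since a redirect target written into the page is found even when the branch that triggers it never runs for the monitoring client.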
Organisational layer
- Incident response plan with watering hole scenarios. Detection, containment, forensics and communication steps for when an external-site compromise is suspected.
- Proactive threat hunting over critical assets (covered in what is threat hunting).
- Red Team simulations that emulate a watering hole as part of the attack chain, to validate that detection and response work against this specific vector.
Indicators that help detect a watering hole
Patterns a trained SOC watches:
- JavaScript injected in sites that normally don't load it (frames with an external destination, obfuscated scripts, eval of long strings).
- Redirections to recently registered domains with unusual TLDs.
- Browser connections to IPs or domains not associated with the original site.
- Process anomalies: the browser launching executables, PowerShell, cmd.exe, or loading unusual DLLs after visiting a site.
- Payload geolocation consistent with a known actor.
- Recognised exploit kit family by threat intelligence.
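The process-anomaly and outbound-connection indicators in the list above are the ones an EDR or SOC rule catches on the endpoint. The following is an added example for this article, not the article's tooling nor any EDR vendor's logic: it evaluates Sysmon-style events (constructed here as Python dicts; a real feed would be parsed from Sysmon or EDR telemetry) for a browser spawning a shell, script host or an executable from a user-writable directory, and raises the severity when the same browser connected shortly before to a host outside the ones the user normally reaches. The hostnames, paths, timestamps and the KNOWN_HOSTS allowlist are all constructed.

```python
"""Endpoint-side detection of the process anomalies a watering hole leaves behind.

Added example for this article; not the article's tooling nor any EDR vendor's logic.
Events are Sysmon-style records constructed as dicts (a real feed would be parsed from
Sysmon or EDR telemetry). Hostnames, paths and timestamps are all constructed.
"""
from datetime import datetime, timedelta

BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "iexplore.exe"}
# Interpreters and living-off-the-land binaries a browser has no business launching
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
                       "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe"}
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\downloads\\", "\\users\\public\\")


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def evaluate(events, known_hosts, window=timedelta(seconds=60)):
    """Return alerts for browser-parented anomalies in `events` (accepted in any order).

    known_hosts: hosts the organisation's users are expected to reach (habitual sites
    and their CDNs); browser connections elsewhere are kept as correlation context.
    """
    alerts = []
    unfamiliar = []  # (timestamp, host) of browser connections outside known_hosts
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["type"] == "NetworkConnect" and basename(ev["image"]) in BROWSERS:
            host = ev.get("dest_host") or ev["dest_ip"]  # raw IP when no name resolved
            if host not in known_hosts:
                unfamiliar.append((ts, host))
            continue
        if ev["type"] != "ProcessCreate" or basename(ev["parent_image"]) not in BROWSERS:
            continue
        child = basename(ev["image"])
        if child in SUSPICIOUS_CHILDREN:
            reason = f"browser spawned {child}"
        elif any(p in ev["image"].lower() for p in USER_WRITABLE):
            reason = f"browser launched executable from user-writable path: {ev['image']}"
        else:
            continue  # the browser's own renderer/helper processes are normal
        recent = [h for t, h in unfamiliar if timedelta(0) <= ts - t <= window]
        alerts.append({
            "ts": ev["ts"],
            "severity": "high" if recent else "medium",
            "reason": reason,
            "preceding_unfamiliar_hosts": recent,
            "command_line": ev.get("command_line", ""),
        })
    return alerts


# Constructed sample telemetry for one workstation.
CHROME = "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"
SAMPLE_EVENTS = [
    {"ts": "2024-03-04T10:00:00", "type": "NetworkConnect", "image": CHROME,
     "dest_host": "portal.example", "dest_ip": "192.0.2.10"},
    {"ts": "2024-03-04T10:00:05", "type": "NetworkConnect", "image": CHROME,
     "dest_host": "kit.example.invalid", "dest_ip": "198.51.100.7"},
    {"ts": "2024-03-04T10:00:06", "type": "ProcessCreate", "parent_image": CHROME,
     "image": CHROME, "command_line": "chrome.exe --type=renderer"},
    {"ts": "2024-03-04T10:00:12", "type": "ProcessCreate", "parent_image": CHROME,
     "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "command_line": "powershell.exe -nop -w hidden -enc <constructed placeholder>"},
    {"ts": "2024-03-04T10:03:00", "type": "ProcessCreate", "parent_image": "C:\\Windows\\explorer.exe",
     "image": "C:\\Windows\\System32\\cmd.exe", "command_line": "cmd.exe"},
    {"ts": "2024-03-04T10:30:00", "type": "ProcessCreate",
     "parent_image": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe",
     "image": "C:\\Users\\ana\\AppData\\Local\\Temp\\update.exe", "command_line": "update.exe /silent"},
]
KNOWN_HOSTS = {"portal.example", "stats.example.net"}

if __name__ == "__main__":
    for alert in evaluate(SAMPLE_EVENTS, KNOWN_HOSTS):
        print(alert["severity"].upper(), alert["ts"], alert["reason"], alert["preceding_unfamiliar_hosts"])
```

On the sample, the PowerShell launch seven seconds after a connection to an unknown host is rated high, the browser's own renderer process and the cmd.exe started from Explorer are ignored, and the Temp-directory executable launched by Edge half an hour later is rated medium because no unfamiliar connection falls inside the window. Tuning points for a real deployment: protocol handlers and download helpers that browsers legitimately launch need an allowlist, and KNOWN_HOSTS should be built from observed traffic rather than maintained by hand.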
Frequently asked questions
What is a watering hole attack?
A watering hole attack is a targeted attack where a legitimate website the victim visits regularly gets compromised. The attacker plants malicious code on the site, waits for a target user to visit and, when they do, delivers an exploit or payload without the victim doing anything unusual. A favourite technique of APT groups focused on espionage.
Why is it called "watering hole"?
Because of the analogy with predators that lurk at the watering hole: instead of chasing prey, they contaminate the place where the prey goes to drink and wait. The technique replicates the pattern: instead of sending phishing to the target, the website the target visits gets contaminated and waited on.
How does a watering hole differ from a phishing attack?
In phishing, the attacker sends an email (or SMS, or instant message) directly to the victim, who has to click or download something. In a watering hole, the attacker compromises an external site the victim already visits as a matter of routine; the victim is infected while doing their usual browsing, without receiving anything suspicious by email. A watering hole is always targeted; phishing can be mass or targeted.
What famous watering hole cases exist?
Relevant public cases: Council on Foreign Relations (2012), U.S. Department of Labor (2013), Polish Financial Supervision Authority (2017) attributed to Lazarus, Operation Holy Water (2019) in Southeast Asia, and several sectoral incidents against financial, energy and defence portals in recent years. The industry publishes new cases practically every year.
How can I protect my company from a watering hole attack?
Defence combines layers: browsers and plugins up to date, EDR/XDR with behavioural detection, web and DNS filtering that evaluates reputation in real time, network segmentation to limit lateral movement, sectoral threat intelligence that alerts when a relevant site appears compromised, and proactive threat hunting over critical assets. No layer alone stops the full technique.
Who's usually behind a watering hole attack?
In most documented cases: state APT groups focused on political, economic or military espionage. They also appear in advanced cybercrime against banking and cryptocurrencies, and in sectoral industrial espionage. It is a technique that demands preparation (site selection, exploits, infrastructure), so it rarely appears among opportunistic attackers.
Does antivirus detect a watering hole?
A traditional antivirus detects little: the exploit is usually new or variant, and the payload may arrive through channels the antivirus doesn't inspect. A modern EDR/XDR with behavioural detection does detect post-exploitation actions (browser launching suspicious processes, connections to unknown infrastructure, privilege escalation), which is where the watering hole becomes visible. Antivirus is just the first layer, not the main one.
Related resources
- What is a Red Team: business guide
- What is OSINT
- What is social engineering
- Types of phishing
- What is threat hunting
- What is MITRE ATT&CK
- What is EDR
Is your sector a recurring APT target (banking, energy, health, defence, public administration), and do you need to validate that your watering hole defence works? At Secra we simulate realistic attack chains that include watering hole and other advanced vectors to measure detection and response capability. Tell us what you want to test and we'll design the exercise.
About the author
Secra Solutions team
Ethical hackers with OSCP, OSEP, OSWE, CRTO, CRTL and CARTE certifications, 7+ years of experience in offensive cybersecurity, and authors of CVE-2025-40652 and CVE-2023-3512.