• Hackers compromise frequently visited websites to target a specific group of users.
• Malicious scripts or downloads infect visitors’ devices.
• Used in cyber espionage or mass infections to steal sensitive information.

Watering Hole Attack on Tibetan Websites

• Incident:
  • Hackers associated with Chinese state-sponsored groups compromised Indian-hosted websites such as the Tibetan Post and Gyudmed Tantric University.
  • Visitors were tricked into downloading a malicious file disguised as a security certificate.
  • The malware deployed Cobalt Strike Beacon, enabling keylogging, file transfers, and further infections.
  • The attack was used for cyber espionage against the Tibetan community.