What is Watering Hole Attack?
A targeted attack that compromises a website frequently visited by a specific group of people, infecting visitors with malware.
Named after predators that wait at watering holes for prey, this attack targets the websites a victim group regularly visits.
How It Works
- Attacker identifies websites commonly visited by the target group
- Finds a vulnerability in one of these websites
- Injects malicious code into the website
- When targets visit the site, the malware silently infects their devices
- The attack is specific — it may only activate for visitors from certain IP ranges
Famous Examples
- iOS exploits (2019): Uyghur community websites were compromised to install spyware on iPhone visitors
- Polish financial regulator (2017): Compromised to target banking employees
Why It's Effective
- Targets don't need to click suspicious links
- The compromised site is one they trust
- Can be very targeted (only infect specific visitors)
Protection
- Keep browsers and plugins updated
- Use a browser with good sandboxing (Chrome, Brave)
- Consider using a different browser for high-risk browsing
- Use a VPN to avoid being profiled by IP range
Related Terms
Malware
Malicious software designed to damage, disrupt, or gain unauthorized access to computer systems. Malware includes viruses, ransomware, spyware, trojans, and worms—each with different infection methods and objectives.
Phishing
A social engineering attack where attackers impersonate legitimate entities through fake emails, websites, or messages to trick victims into revealing sensitive information like passwords, credit card numbers, or personal data.
Supply Chain Attack
An attack that compromises a target by infiltrating a trusted supplier, vendor, or software dependency in their supply chain.
Have more questions?
Use our guided flow to get the right next privacy step for Watering Hole Attack.
Open Guided Flow