The watering hole attack takes its name from a hunting technique: instead of chasing the prey, the hunter goes to the place the prey visits most often and waits there. The prey is far more likely to fall into the trap because the attack is unexpected and it has its guard down.
The same approach is used in the cyber world: the attacker compromises a specific website or portal that the victim is most likely to visit. The victim can be an individual, a group, or an organization; in this case, political officials.
In this instance, a previously undocumented macOS backdoor called “DazzleSpy” was used to attack politically active individuals in Hong Kong. The first attack was seen in November of last year, when Google researchers published research on a macOS zero-day being exploited by threat actors (CVE-2021-30869).
Experts attribute these attacks to a nation-state actor, though no specific group has been named.
DazzleSpy is a full-featured backdoor that provides attackers a large set of functionalities to control, and exfiltrate files from, a compromised computer, according to researchers.
The threat actors distributed DazzleSpy through iframe injections on the compromised websites, which then led visitors to a WebKit exploit.
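As an added example (not code from the article or from the researchers it cites), here is a small Python check a site operator could run over their own pages to spot the hidden, off-origin iframe injections that this kind of watering-hole delivery relies on. The HTML and hostnames are constructed, and the hidden-frame heuristic is an assumption about how injected frames are typically concealed:

```python
# Added example: scan a page's HTML for iframes that are hidden from the visitor
# (zero size or display:none) and point to a host the site does not own.
# That combination is a common signature of an injected exploit-delivery frame.
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: a legitimate embed plus one injected, hidden, off-origin frame.
SAMPLE_HTML = """
<html><body>
<h1>Local news</h1>
<iframe src="https://www.example.org/embed/player" width="640" height="360"></iframe>
<iframe src="https://cdn.exploit-staging.invalid/x.html" width="0" height="0" style="display:none"></iframe>
</body></html>
"""

class IframeCollector(HTMLParser):
    """Collect the attributes of every <iframe> tag in the document."""
    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            self.iframes.append({k.lower(): (v or "") for k, v in attrs})

def _is_hidden(attrs):
    # Heuristic (assumption): injected frames are concealed by zero size or CSS.
    style = attrs.get("style", "").replace(" ", "").lower()
    zero = (attrs.get("width", "").strip() in ("0", "0px")
            or attrs.get("height", "").strip() in ("0", "0px"))
    return zero or "display:none" in style or "visibility:hidden" in style

def find_suspicious_iframes(html, site_host, allowlist=()):
    """Return src URLs of hidden iframes whose host is neither the site itself
    nor on the operator's allowlist of known embed providers."""
    parser = IframeCollector()
    parser.feed(html)
    trusted = {site_host.lower(), *(h.lower() for h in allowlist)}
    hits = []
    for attrs in parser.iframes:
        src = attrs.get("src", "")
        host = (urlparse(src).hostname or "").lower()
        if host and host not in trusted and _is_hidden(attrs):
            hits.append(src)
    return hits

if __name__ == "__main__":
    for src in find_suspicious_iframes(SAMPLE_HTML, "news.example.com"):
        print("suspicious hidden off-origin iframe:", src)
```

Run it against a fresh crawl of your own site and diff the output over time; a frame that appears without a corresponding content change is worth investigating.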