Discover the definition of the term Watering Hole Attack presented by Les Assises de la Cybersécurité.

WATERING HOLE ATTACK

In a so-called "watering hole" attack, the attacker booby-traps a public website that he knows is visited by the specific victim(s) he is targeting. This spares him from having to contact his victims directly (for example by sending a phishing email, which is easily spotted). It is therefore an indirect attack, and it can cause many collateral victims (starting with the website infected for the occasion). To avoid being detected too quickly, some advanced attackers infect only those visitors who match the profile of their victims (origin of the visit, IP address belonging to the targeted company, etc.).

And there you have it, we have just ruined the excuse of the CISOs who were considering doing OSINT at the "watering hole" (read: a break at the bistro across the street...).