Black Lotus Labs, the threat intelligence division of Lumen Technologies that focuses on identifying malware and cyber security threats, has announced the discovery of a group of compromised websites that have been used in watering hole attacks in the past. Any visitor who browsed one of the sites would be unknowingly infected and exposed to the attacker stealing a copy of their Windows authentication credentials, which could then be used to impersonate them. The activity was only recently brought to light and was discovered on several Ukrainian websites and one Canadian website. These attacks work by inserting a malicious function into a website’s code, which is then executed by the victim’s machine. This type of attack has been used for many years, including in the high-level compromise that was traced to the San Francisco International Airport website in April 2020. When analyzing the attacks in Ukraine and Canada,…