A watering hole attack targeted Windows and Android users with zero-day and n-day exploits, concluded Google's Project Zero. The sophisticated attack campaign used two exploit servers—a Windows server and an Android server—each of which employed a separate exploit chain to compromise targets.
More from Project Zero:
- Both servers used Chrome exploits for the initial remote code execution attack.
- The exploit chains were well-engineered, complex code with new exploitation methods, mature logging, sophisticated post-exploitation techniques, and high volumes of anti-analysis and targeting checks.
- The Chrome and Windows zero-days exploited in the attack campaign have been patched by the vendors.
- Project Zero worked with the Google Threat Analysis Group to carry out the analysis.