A watering hole attack targeted Windows and Android users with zero-day and n-day exploits, concluded Google's Project Zero. The sophisticated attack campaign used two exploit servers—a Windows server and an Android server—each of which employed a separate exploit chain to compromise targets.

More from Project Zero:

• Both servers used Chrome exploits for the initial remote code execution attack.
• The exploit chains were well-engineered, complex code with new exploitation methods, mature logging, sophisticated post-exploitation techniques, and high volumes of anti-analysis and targeting checks.
• The Chrome and Windows zero-days exploited in the attack campaign have been patched by the vendors.
• Project Zero worked with the Google Threat Analysis Group to carry out the analysis.