Recently, FortiGuard Labs reported that hackers are using a watering hole strategy to launch cyberattacks through a Chinese-language website. “The originally hacked Chinese news site mentioned above is located in the US, where it is used to distribute Chinese news to Chinese-speaking individuals living overseas.”
Typically, once an attacker has selected a target website, they first probe its defenses; when a vulnerability is found, they launch the attack. Once the target website is compromised, the hackers immediately load malicious scripts onto it to set up malware traps. FortiGuard Labs said that in this recent attack the hackers used the known WinRAR (CVE-2018-20250) and RTF (CVE-2017-11882) file vulnerabilities. When a victim visits the site, malware called Sality is automatically downloaded to their computer. Experts say the malware can collect screenshots, create file lists, launch reverse shells, download files, and grab clipboard text and MD5 hashes.
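Because a watering hole compromise begins with scripts the site owner never published, one practical defence for a site operator is to monitor pages for script tags that are not in a known baseline. The following is an added example written for this article (it is not FortiGuard's code, and the sample page, the host names and the baseline are constructed for illustration): it parses a page, collects external script sources and hashes of inline scripts, and reports anything absent from the baseline.

```python
"""Detect scripts injected into a web page by comparing it against a baseline.

Added example (not FortiGuard's code). A watering hole compromise usually
shows up as a <script> tag the site owner never published, so this check
collects external script sources and hashes of inline script bodies and
reports anything not on the allow-list. All hosts and HTML are constructed.
"""
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse


class _ScriptCollector(HTMLParser):
    """Gather <script src=...> URLs and inline <script> bodies from a page."""

    def __init__(self):
        super().__init__()
        self.external = []   # src attribute of every external script tag
        self.inline = []     # body of every inline script block
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._in_script = True
            self._buf = []

    def handle_data(self, data):
        # html.parser hands the raw script body to handle_data (CDATA mode).
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag.lower() == "script" and self._in_script:
            self._in_script = False
            self.inline.append("".join(self._buf))


def inline_hash(body: str) -> str:
    """SHA-256 of an inline script body with surrounding whitespace stripped."""
    return hashlib.sha256(body.strip().encode("utf-8")).hexdigest()


def find_unexpected_scripts(html, allowed_hosts, allowed_inline_hashes, site_host):
    """Return (unexpected_external_srcs, unexpected_inline_hashes).

    An external script is flagged when its host is neither the site itself nor
    on the allow-list; an inline script is flagged when its hash is unknown.
    Relative URLs have no host and are treated as served by the site itself.
    """
    parser = _ScriptCollector()
    parser.feed(html)
    bad_external = []
    for src in parser.external:
        host = urlparse(src).netloc.lower()
        if host and host != site_host and host not in allowed_hosts:
            bad_external.append(src)
    bad_inline = [inline_hash(body) for body in parser.inline
                  if inline_hash(body) not in allowed_inline_hashes]
    return bad_external, bad_inline


# Constructed sample page: the site's own script, one known inline block, and
# one injected loader from a host that is not on the allow-list.
SAMPLE_PAGE = """
<html><head>
<script src="/js/site.js"></script>
<script>var lang = "zh";</script>
<script src="https://injected-cdn.invalid/loader.js"></script>
</head><body>news</body></html>
"""
KNOWN_INLINE = {inline_hash('var lang = "zh";')}


def demo():
    """Run the check over the constructed page with a baseline of known content."""
    return find_unexpected_scripts(SAMPLE_PAGE, allowed_hosts=set(),
                                   allowed_inline_hashes=KNOWN_INLINE,
                                   site_host="news.example.org")


if __name__ == "__main__":
    external, inline = demo()
    print("unexpected external scripts:", external)
    print("unexpected inline script hashes:", inline)
```

Run against the real site, the baseline would be captured from a known-clean deployment, and a scheduled fetch that reports a non-empty result is the signal that the page has been altered. Hashing inline bodies rather than storing them keeps the baseline small and also catches a modified, not merely added, inline block.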
Experts say the cyberattack appears to be experimental, because the attacker uses many different technologies and tools. At the time of writing, the malicious scripts were still running on this Chinese website.