Both hacktivists and cybercriminals used the news websites for their own purposes

Apr 19, 2013 13:50 GMT

While investigating the use of Java exploits to spread the PlugX RAT, security researchers from Kaspersky stumbled upon minjok.com, a news website that covers Korea-related political events.

Cybercriminals compromised the website and set it up to host a malicious Java applet that triggered the download of a malicious executable file on visitors’ computers.

According to Kaspersky’s Dmitry Tarakanov, the topics the website covers make it well suited to a watering hole attack aimed at Korean and Chinese activists.

It’s uncertain who is behind these watering hole attacks, but they’re likely part of a larger campaign.

One noteworthy thing about minjok.com is that it’s one of the many websites hacked and defaced by Anonymous hacktivists a few days ago as part of their operation against North Korea.

There probably isn’t any connection between Anonymous and the watering hole attack. Instead, it’s likely that the hacktivists and the cybercriminals each found the vulnerable website and considered it fit for their purposes.

A detailed technical explanation of the watering hole attack is available on Kaspersky’s Securelist blog.