A new watering hole attack is leveraging SLACK, a collaborative platform that lets users create and use their own workspaces, to send command-and-control communications without being detected. The new approach was discovered by Trend Micro.  

We can’t paste this image from the Clipboard, but you can save it to your computer and insert it from there.

Expert Comments below:  

Usman Rahim, Digital Security & Operations Manager at The Media Trust:  

“Battlefields are increasingly online, and this attack in particular was carefully planned. Watering hole attacks are carried out primarily on specific organizations. Whoever orchestrated this campaign wanted to gather personal and communications information on visitors of a website operated by a nonprofit that supports the North Korean regime. Not surprisingly, the malware strain used has not been seen anywhere else. It also comes as no surprise that the orchestrators chose popular tools that would leave few, if any, traces that would enable anyone to identify them.” 

 

Experts Comments

Stay Tuned! Our Information Security Experts Community is responding .....

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.