Watering Hole Attacks Push ScanBox Keylogger

📅 30 August 2022 at 16:00 UTC📰 ThreatpostView original source ↗

Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.

🤖 AI BriefingAuto-generated threat analysis

🔍Threat Overview

A watering hole attack was conducted targeting users who visited compromised websites, with the goal of infecting their systems with the ScanBox keylogger. The attackers are believed to be APT TA423.

⚙️Technical Details

Affected Systems

Compromised websites

Attack Vectors

Watering hole attackJavaScript-based reconnaissance tool

💥Impact Assessment

Severity: H

Who Is at Risk

Users who visited compromised websites, particularly those in the government and defense sectors.

🛡️Recommended Actions

1Implement web application firewall (WAF) rules to block suspicious traffic

2Regularly update software and plugins to prevent exploitation of known vulnerabilities

3Use anti-keylogger software or configure systems to detect and block keylogger activity

📦Affected Products

ScanBox

Read the full article

This is a curated summary. The complete article is available at Threatpost.

Read on Threatpost ↗

← Back to feed