1. Threat Overview
A watering hole attack, likely carried out by APT TA423, uses the ScanBox JavaScript-based reconnaissance tool against as yet unidentified victims. The attack vector is a compromised website (a web-based attack), and the payload delivered to visitors is a keylogger.
2. Key Intelligence Points
1. The ScanBox keylogger is a JavaScript-based reconnaissance tool used in the watering hole attack.
2. The attack targets unknown victims, and the impact scope is likely limited to sensitive information theft.
3. The attack chain involves compromising a website, which is then used to plant the ScanBox keylogger.
4. Detection opportunities include monitoring for suspicious JavaScript code and network traffic patterns.
3. MITRE ATT&CK Techniques
T1190 - Spearphishing via Compromised Website
4. Indicators of Compromise (IOCs) / Affected Systems
ScanBox keylogger, JavaScript code, suspicious network traffic patterns
5. Mitigation & Detection
Implement web application security measures, such as input validation and sanitization, to prevent website compromise. Monitor for suspicious JavaScript code and network traffic patterns to detect the ScanBox keylogger.
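One concrete way to act on the "monitor for suspicious JavaScript code" advice is a periodic integrity check of your own pages: parse the served HTML, flag script tags that load from an origin outside a known allowlist, and flag inline scripts that register keystroke handlers or inject further script elements. The example below is an added illustration and is not code from the original report or from any vendor; the allowlist, the sample HTML and the attacker hostname are constructed placeholders, and the keystroke and dynamic-injection patterns are generic heuristics for a JavaScript keylogger rather than a signature of ScanBox itself.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed allowlist: origins this site is expected to load scripts from.
ALLOWED_SCRIPT_HOSTS = {"www.example.org", "cdn.example.org"}

# Generic heuristic: a browser keylogger has to hook keyboard events somehow.
KEYSTROKE_PATTERN = re.compile(
    r"addEventListener\s*\(\s*['\"]key(?:down|up|press)['\"]|onkey(?:down|up|press)\s*=",
    re.IGNORECASE,
)
# Generic heuristic: inline loaders that pull in a second-stage script at runtime.
DYNAMIC_INJECT_PATTERN = re.compile(
    r"createElement\s*\(\s*['\"]script['\"]\s*\)", re.IGNORECASE
)


class ScriptCollector(HTMLParser):
    """Collects external script URLs and inline script bodies from a page."""

    def __init__(self):
        super().__init__()
        self.external = []      # src attribute values of <script src=...>
        self.inline = []        # bodies of <script>...</script> blocks
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._in_script = True
            self._buf = []

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag.lower() == "script" and self._in_script:
            self.inline.append("".join(self._buf))
            self._in_script = False


def audit_page(html, allowed_hosts=ALLOWED_SCRIPT_HOSTS):
    """Return a list of (finding_kind, evidence) tuples for one HTML document."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []

    for src in collector.external:
        host = urlparse(src).hostname    # handles https://, http:// and //host/ forms
        # Relative paths (hostname None) are same-origin and are not flagged here.
        if host and host not in allowed_hosts:
            findings.append(("external_script_unexpected_origin", src))

    for body in collector.inline:
        if KEYSTROKE_PATTERN.search(body):
            findings.append(("inline_keystroke_handler", body.strip()[:80]))
        if DYNAMIC_INJECT_PATTERN.search(body):
            findings.append(("inline_dynamic_script_injection", body.strip()[:80]))

    return findings


# Constructed sample: one expected CDN script, one injected protocol-relative
# script from a placeholder host, and one inline keystroke hook.
SAMPLE_HTML = """<html><head>
<script src="https://cdn.example.org/site.js"></script>
<script src="//static.attacker-placeholder.invalid/s.js"></script>
</head><body>
<script>
document.addEventListener('keydown', function(e){ window.__k = (window.__k||'') + e.key; });
</script>
</body></html>"""

if __name__ == "__main__":
    for kind, evidence in audit_page(SAMPLE_HTML):
        print(f"{kind}: {evidence}")
```

Run this against a saved copy of each public page on a schedule and diff the findings against a baseline taken when the site was known clean; legitimate sites do register keyboard handlers, so the value is in new findings appearing between runs, not in any single hit. Pairing the check with a strict Content-Security-Policy `script-src` allowlist turns the same origin list into a browser-enforced control rather than only a monitoring one.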