A Deeper Look in the Watering Hole – Inside the VOHO APT Campaign
By Will Gragido, Senior Manager, RSA FirstWatch Team
On July 21, 2012 the RSA FirstWatch team blogged about a new campaign we had identified and discovered – a new campaign that we believed met the criteria for advanced persistent threats (APT) and subversive multi-vector threats (SMT). We conducted intensive, in-depth reconnaissance that saw us collect a wealth of data related to the campaign, its behavioral attributes, and the stages in which it was carried out in addition to the vulnerabilities that were exploited on various domains the world over that led to redirection to malicious payload infecting sites.
We dubbed the campaign ‘VOHO’ and the technique used for luring in parties affiliated with the targets of interest and opportunity the adversarial elements behind the campaign sought to compromise ‘Water Holing’. Now, after three months of intense research, scrutiny and analysis we are pleased to announce the release of the much anticipated and alluded to white paper titled “The VOHO Campaign: An in-depth Analysis.”
We believe the paper will clearly demonstrate through advanced research and analysis the intent behind the campaign while articulating key attributes of this operation which make it quite unique and distinct from other campaigns of a similar nature. Furthermore, we demonstrate the similarities in architecture, malicious code and content employment and reuse in addition to the net effect that this campaign has had on nearly 1,000 unique organizations seeing approximately 35,000 unique hosts impacted with a staggering 12% rate of compromise. The RSA FirstWatch Threat Research team will be happy to answer any inquiries made with respect to this campaign and are working diligently to notify those who have been impacted by VOHO.
The paper can be downloaded at:
VOHO_WP_FINAL_READY FOR Publication 09242012_AC
Will Gragido leads the RSA FirstWatch advanced threat intelligence team at RSA. His career in information security spans more than 18 years in the commercial and defense sectors. He is the co-author of Cybercrime and Espionage: An Analysis of Subversive Multi-Vector Threats.
