Most hacks start with a victim making some sort of mistake, whether that’s entering a password on a convincing-looking phishing page or accidentally downloading a malicious attachment on a work computer. But one particularly sinister technique starts with simply visiting a real website. They’re called watering hole attacks, and in addition to being a longstanding threat they’ve been behind several high-profile incidents lately.

The most infamous watering hole attack in recent memory came to light in 2019, after targeting iPhone users within China’s Uyghur Muslim community for two years. But threat intelligence researchers emphasize that the technique is fairly common, likely because it’s so powerful and productive. The internet security firm ESET says it detects multiple watering hole attacks per year, and Google’s Threat Analysis Group (TAG) similarly sees as many as one per month. 

The name comes from the idea of poisoning a central water source that then infects anyone who drinks from it. Relatedly, it also evokes a predator that lurks near a watering hole waiting for prey to stop by. Watering hole attacks can be difficult to detect because they often operate quietly on legitimate websites whose owners may not notice anything amiss. And even once discovered, it’s often unclear exactly how long an attack has been going on and how many victims there are.

“Let’s say attackers are going after democracy activists. They might hack a democracy activist website knowing that all these potential targets are going to visit,” says Google TAG director Shane Huntley. “The key thing about why these attacks are so dangerous and can lead to such high success rates is that they take out that important step of the target having to do something or be tricked. Instead of targeting activists with something they actually have to click, which might be hard because they’re very canny, you can go to somewhere they’re already going and skip immediately to the part where you’re actually exploiting people’s devices.”

Earlier this month, for example, TAG published findings about a watering hole attack that compromised a number of media and pro-democracy political group websites to target visitors using Macs and iPhones in Hong Kong. Based on the evidence it was able to collect, TAG couldn’t firmly establish how long the attacks had gone on or how many devices were affected.

Watering hole attacks always have two types of victims: the legitimate website or service that attackers compromise to embed their malicious infrastructure, and the users who are then compromised when they visit. Attackers have gotten increasingly skilled at minimizing their footprint, using the compromised website or service as merely a conduit between victims and external malicious infrastructure, with no visible sign to users that anything’s amiss. That way attackers don’t have to build everything within the compromised site itself. Conveniently for hackers, this makes the attacks easier to set up and harder to trace.
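For a site owner, the conduit pattern described above suggests a routine check: list every element on a page that pulls content from a host the site has not approved, and note whether it is hidden from view. The following is an added example, not part of the original article or of any tool it mentions; the host names, the approved list and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tags that make a browser fetch and run or render remote content,
# mapped to the attribute that holds the URL.
LOADER_ATTRS = {"script": "src", "iframe": "src", "embed": "src", "object": "data"}

class ExternalLoaderAudit(HTMLParser):
    """Collects loader tags that point at hosts outside the approved set."""

    def __init__(self, site_host, approved_hosts):
        super().__init__()
        self.approved = {h.lower() for h in approved_hosts} | {site_host.lower()}
        self.findings = []  # (tag, host, hidden) tuples in document order

    def handle_starttag(self, tag, attrs):
        url_attr = LOADER_ATTRS.get(tag)
        if url_attr is None:
            return
        attrs = dict(attrs)
        host = urlsplit(attrs.get(url_attr) or "").hostname
        if host is None or host in self.approved:
            return  # relative URL (same site) or an approved third party
        style = (attrs.get("style") or "").replace(" ", "").lower()
        hidden = ("display:none" in style or "visibility:hidden" in style
                  or attrs.get("width") in ("0", "1")
                  or attrs.get("height") in ("0", "1"))
        self.findings.append((tag, host, hidden))

def audit_page(html, site_host, approved_hosts):
    """Return loader tags in `html` that reference unapproved hosts."""
    parser = ExternalLoaderAudit(site_host, approved_hosts)
    parser.feed(html)
    return parser.findings

# Constructed sample: two expected resources plus two unexpected ones.
SAMPLE_PAGE = """
<html><head>
<script src="/static/site.js"></script>
<script src="https://cdn.example.org/lib/jquery.min.js"></script>
</head><body>
<h1>Community news</h1>
<iframe src="https://stats.unknown-host.example/frame" style="display: none"></iframe>
<script src="//assets.unknown-host.example/loader.js"></script>
</body></html>
"""

if __name__ == "__main__":
    for tag, host, hidden in audit_page(SAMPLE_PAGE, "news.example.org", ["cdn.example.org"]):
        print(f"unapproved <{tag}> from {host}" + (" (hidden)" if hidden else ""))
```

Run against saved copies of a site's own pages on a schedule, a check like this turns a silent change into a reviewable diff; it only sees static markup, so content injected by scripts at runtime needs a separate control such as a Content Security Policy.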

To turn visiting a website into an actual hack, attackers need to be able to exploit software flaws on victims’ devices, often a chain of vulnerabilities that begins with a browser bug. This gives attackers the access they need to install spyware or other malicious software. If hackers really want to cast a wide net, they’ll set up their infrastructure to exploit as many types of devices and software versions as possible. Researchers point out, though, that while watering hole attacks may seem indiscriminate, hackers have the ability to target victims more precisely by device type or by using other information browsers collect, like what country their IP address comes from.