Aug 30, 2022 • Nate Nelson
Watering Hole Attacks Push ScanBox Keylogger
Executive Summary
Researchers have identified a watering hole attack attributed to APT TA423 that deploys the ScanBox JavaScript-based reconnaissance tool. This attack compromises websites likely frequented by the threat actor's targets, enabling mass collection of visitor intelligence including keystrokes, browser information, and system details. The ScanBox keylogger operates silently in the background, exfiltrating data to attacker-controlled infrastructure. Organizations should monitor for unexpected JavaScript on frequently visited websites, implement Content Security Policy controls, and ensure endpoint detection solutions can identify anomalous browser behavior. This campaign demonstrates sophisticated supply chain targeting techniques used by state-sponsored actors for long-term intelligence gathering.
Summary
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
Linked Entities
- ScanBox
- APT TA423