Credential harvesting is when an attacker obtains, or harvests, a victim’s credentials. This can be targeted at a specific user, as part of a multi-stage attack, but credentials are often stolen from many users at once, usually for financial gain.

One method of targeted credential harvesting is known as a watering hole attack. A watering hole attack is when an attacker compromises a third-party service, software, or website used by a target in order to get access to the target. The third-party service is the “watering hole” that the victims are all using, or “drinking from”. This is an example of how poor security on the part of third-party vendors can compromise the security of the organizations that hire them.

One example of a watering hole attack occurred in 2012, when a hacker group targeted websites promoting political activism. The attack involved redirecting victims to a different compromised site, which would attempt to download malware onto the victims’ computers.