Notably, it was only deployed to users whose browser was set to particular languages: English, Chinese, Japanese, Korean, and Russian. Clearly, the threat actor had specific targets in mind.
Watering hole attacks have been successfully deployed on a wide range of websites. Examples include discussion forums for software development, NGOs, Christian charities, aviation organizations, financial supervision authorities, government departments, and industrial control systems. They are difficult to detect and typically target highly secure organizations through their less secure business partners, subcontractors, or other connected suppliers. They are effective because the websites they compromise are legitimate and job related, which makes them difficult to blacklist. It’s hard to tell a compliance officer in a bank that they are banned from visiting a financial regulator’s website.