A complex “watering hole” operation used four zero-day exploits to target Windows and Android mobile devices. The attack was discovered and stopped in the first quarter of 2020, but the Project Zero team, along with Google Threat Analysis Group, did not disclose details until now because it took months to analyze the complex operation. The threat actors behind the campaign used two exploit servers – one targeting Android devices and the other Windows devices – that each utilized separate attacks chains. The exploit chains were “well-engineered, complex code with a variety of novel exploitation methods, mature logging, sophisticated and calculated post-exploitation techniques””]
Source: https://www.cuinfosecurity.com/watering-hole-operation-leveraged-zero-day-exploits-a-15757