Aliases: como Holy Water, Godlike12, SweetAlerts, Strategic web compromise (watering hole), Holy Water, APT TIBET, Holy Water sugiere una tradición de actividades persistentes
HolyWater is an APT group that first emerged in at least May 2019, initiating a series of targeted watering-hole campaigns primarily against religious organizations, charities, and public bodies in Asia. The group distinguishes itself by employing a creative yet unsophisticated toolset, notably leveraging legitimate public services like GitHub and Google Drive for malware distribution and command-and-control operations. Their primary motivation is reconnaissance and the harvesting of information from compromised devices. While no definitive origin has been confirmed, analysis of their Go language-based backdoor, Godlike12, suggests a potential link to Chinese-speaking communities.