Hackers targeting Winter Olympics in South Korea: McAfee
Seoul, Jan 8: Hackers are targeting the upcoming Winter Olympics in South Korea with a phishing and malware campaign, cyber security firm McAfee researchers have found.
In a blog post, McAfee Advanced Threat Research analysts Ryan Sherstobitoff and Jessica Saavedra-Morales discovered a campaign targeting organisations involved with the Pyeongchang Olympics scheduled from February 9-25.
“Attached in an email was a malicious Microsoft Word document with the original file name ‘Organised by Ministry of Agriculture and Forestry and Pyeongchang Winter Olympics’,” the duo said late on Sunday.
Email addresses associated with ice hockey at the Winter Olympics were among those targeted by attackers.
“The primary target of the email was email@example.com, with several organisations in South Korea on the BCC line. The majority of these organisations had some association with the Olympics, either in providing infrastructure or in a supporting role. The attackers appear to be casting a wide net with this campaign,” they added.
The campaign to target Pyeongchang Olympics began December 22 last year.
The attackers originally embedded an implant into the malicious document as a hypertext application (HTA) file, and then quickly moved to hide it in an image on a remote server and used obfuscated Visual Basic macros to launch the decoder script.
“They also wrote custom PowerShell code to decode the hidden image and reveal the implant,” the researchers added.
If opened, the document tells the user they must click to enable content.
Based on their analysis, the team said this implant establishes an encrypted channel to the attacker’s server, likely giving the attacker the ability to execute commands on the victim’s machine and to install additional malware.
“With the upcoming Olympics, we expect to see an increase in cyberattacks using Olympics-related themes. In similar past cases, the victims were targeted for their passwords and financial information,” McAfee noted.
The Advanced Threat Research team has discovered an increase in the use of “weaponised Word documents against South Korean targets in place of the traditional use of weaponised documents exploiting vulnerabilities in the ‘Hangul’ word processor software”, the company added.
Indo Asian News Service
ICC World Cup 2019: Jofra Archer Set to Play Maiden World Cup, Liam Dawson Called Up for Joe Denly
After missing out on a preliminary World Cup squad for the 2019 showpiece event, Jofra Archer has made the final…
WWE News: Mick Foley Announced New 24/7 Championship On WWE Raw
WWE fans learned about the latest championship inclusion on the roster on WWE Raw. Mick Foley returned to the show…