Security researchers from McAfee reported hackers are already targeting Pyeongchang Olympic Games, many organizations associated with the event had received spear phishing messages.
Most of the targeted organizations is involved with the Olympics either in providing infrastructure or in a supporting role.
“Attached in an email was a malicious Microsoft Word document with the original file name 농식품부, 평창 동계올림픽 대비 축산악취 방지대책 관련기관 회의 개최.doc (“Organized by Ministry of Agriculture and Forestry and Pyeongchang Winter Olympics”).” reported McAfee.
“The primary target of the email was email@example.com, with several organizations in South Korea on the BCC line. The majority of these organizations had some association with the Olympics, either in providing infrastructure or in a supporting role.”
The campaigns have begun on December 22, attackers used spoofed messages that pretend to come from South Korea’s National Counter-Terrorism Center.
The hackers spoofed the message to appear to be from firstname.lastname@example.org, which is the National Counter-Terrorism Center (NCTC) in South Korea, the analysis revealed the email was sent from an address in Singapore and referred alleged antiterror drills in the region in preparation for the Olympic Games.
Attackers attempt to trick victims into opening a document in Korean titled “Organized by Ministry of Agriculture and Forestry and Pyeongchang Winter Olympics.”
Initially, the malware was embedded into the malicious document as a hypertext application (HTA) file, then threat actors started hiding the malicious code in an image on a remote server and used obfuscated Visual Basic macros to launch the decoder script. Researchers also noted that attackers wrote a custom PowerShell code to decode the hidden image and launch the malware.
“When we deobfuscate the control server URLs, the implant establishes a connection to the following site over SSL:
hxxps://www.thlsystems.forfirst.cz:443/components/com_tags/views/login/process.php” continues the analysis.
“Based on our analysis, this implant establishes an encrypted channel to the attacker’s server, likely giving the attacker the ability to execute commands on the victim’s machine and to install additional malware.”
The experts expect more hacking campaigns targeting entities involved in sporting events like Pyeongchang Olympic Games.
“With the upcoming Olympics, we expect to see an increase in cyberattacks using Olympics-related themes,” the McAfee report concluded.
“In similar past cases, the victims were targeted for their passwords and financial information.”
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.