Hackers targeting Winter Olympics in South Korea: McAfee

Hackers targeting Winter Olympics in South Korea: McAfee
January 08
18:56 2018

Seoul, Jan 8  Hackers are targeting the upcoming Winter Olympics in South Korea with a phishing and malware campaign, cyber security firm McAfee researchers have found.

In a blog post, McAfee Advanced Threat Research analysts Ryan Sherstobitoff and Jessica Saavedra-Morales discovered a campaign targeting organisations involved with the Pyeongchang Olympics scheduled from February 9-25.

“Attached in an email was a malicious Microsoft Word document with the original file name ‘Organised by Ministry of Agriculture and Forestry and Pyeongchang Winter Olympics’,” the duo said late on Sunday.

Email addresses associated with ice hockey at the Winter Olympics were among those targeted by attackers.

“The primary target of the email was icehockey@pyeongchang2018.com, with several organisations in South Korea on the BCC line. The majority of these organisations had some association with the Olympics, either in providing infrastructure or in a supporting role. The attackers appear to be casting a wide net with this campaign,” they added.

The campaign to target Pyeongchang Olympics began December 22 last year.

The attackers originally embedded an implant into the malicious document as a hypertext application (HTA) file, and then quickly moved to hide it in an image on a remote server and used obfuscated Visual Basic macros to launch the decoder script.

“They also wrote custom PowerShell code to decode the hidden image and reveal the implant,” the researchers added.

If opened, the document tells the user they must click to enable content.

Based on their analysis, the team said this implant establishes an encrypted channel to the attacker’s server, likely giving the attacker the ability to execute commands on the victim’s machine and to install additional malware.

“With the upcoming Olympics, we expect to see an increase in cyberattacks using Olympics-related themes. In similar past cases, the victims were targeted for their passwords and financial information,” McAfee noted.

The Advanced Threat Research team has discovered an increase in the use of “weaponised Word documents against South Korean targets in place of the traditional use of weaponised documents exploiting vulnerabilities in the ‘Hangul’ word processor software”, the company added.

Related Articles


No Comments Yet!

There are no comments at the moment, do you want to add one?

Write a comment

Write a Comment

Your email address will not be published.
Required fields are marked *


Diplomacyindia.com Editor V N Jha participating in Panel Discussion on Lok Sabha Television

Diplomacyindia.com Exclusive Video : Glimpses from the Argentine National Day

Diplomacyindia.com Exclusive Interview with Ambassador of Slovenia to India, H.E. Mr. Jozef Drofenik speaking on Bilateral Relations and Trade between India and Slovenia

Diplomacyindia.com Exclusive Interview with Ambassador of Slovenia to India, H. E. Mr. Jozef Drofenik speaking on Tourism in Slovenia

Pictures of Formal Launch of Website Diplomacyindia.com

Exclusive Interview with Prime Minister of Guyana, H.E. Mr. Moses Veerasammy Nagamootoo during his recent visit to India.Highlights of the interview were Indian Cultural Connect, Vibrant Bilateral Ties and Cultural Connect and India’s Economic Prowess.

Video Message from Shri Prakash Javadekar, MoS (IC) for Forest, Environment & Climate Change on eve of Formal Launch of Website Diplomacyindia.com

Message from Gen. V K Singh, (Retd.) Hon’ble MoS, External Affairs to Diplomacyindia.com

Facebook Auto Publish Powered By : XYZScripts.com