Hackers are targeting the upcoming Winter Olympics in South Korea with a phishing and malware campaign, cyber security firm McAfee researchers have found.
In a blog post, McAfee Advanced Threat Research analysts Ryan Sherstobitoff and Jessica Saavedra-Morales discovered a campaign targeting organisations involved with the Pyeongchang Olympics scheduled from February 9-25.
"Attached in an email was a malicious Microsoft Word document with the original file name 'Organised by Ministry of Agriculture and Forestry and Pyeongchang Winter Olympics'," the duo said late on Sunday.
Email addresses associated with ice hockey at the Winter Olympics were among those targeted by attackers.
"The primary target of the email was icehockey@pyeongchang2018.com, with several organisations in South Korea on the BCC line. The majority of these organisations had some association with the Olympics, either in providing infrastructure or in a supporting role. The attackers appear to be casting a wide net with this campaign," they added.
The campaign to target Pyeongchang Olympics began December 22 last year.
The attackers originally embedded an implant into the malicious document as a hypertext application (HTA) file, and then quickly moved to hide it in an image on a remote server and used obfuscated Visual Basic macros to launch the decoder script.
"They also wrote custom PowerShell code to decode the hidden image and reveal the implant," the researchers added.
If opened, the document tells the user they must click to enable content.
Based on their analysis, the team said this implant establishes an encrypted channel to the attacker's server, likely giving the attacker the ability to execute commands on the victim's machine and to install additional malware.
"With the upcoming Olympics, we expect to see an increase in cyberattacks using Olympics-related themes. In similar past cases, the victims were targeted for their passwords and financial information," McAfee noted.
The Advanced Threat Research team has discovered an increase in the use of "weaponised Word documents against South Korean targets in place of the traditional use of weaponised documents exploiting vulnerabilities in the 'Hangul' word processor software", the company added.
--IANS
na/dg
Disclaimer: No Business Standard Journalist was involved in creation of this content
You’ve reached your limit of {{free_limit}} free articles this month.
Subscribe now for unlimited access.
Already subscribed? Log in
Subscribe to read the full story →
Smart Quarterly
₹900
3 Months
₹300/Month
Smart Essential
₹2,700
1 Year
₹225/Month
Super Saver
₹3,900
2 Years
₹162/Month
Renews automatically, cancel anytime
Here’s what’s included in our digital subscription plans
Exclusive premium stories online
Over 30 premium stories daily, handpicked by our editors
Complimentary Access to The New York Times
News, Games, Cooking, Audio, Wirecutter & The Athletic
Business Standard Epaper
Digital replica of our daily newspaper — with options to read, save, and share
Curated Newsletters
Insights on markets, finance, politics, tech, and more delivered to your inbox
Market Analysis & Investment Insights
In-depth market analysis & insights with access to The Smart Investor
Archives
Repository of articles and publications dating back to 1997
Ad-free Reading
Uninterrupted reading experience with no advertisements
Seamless Access Across All Devices
Access Business Standard across devices — mobile, tablet, or PC, via web or app