Pyeongchang Olympics Targeted By Hackers, McAfee Says
The Winter Olympics, slated to take place next month in Pyeongchang, South Korea, are being targeted by hackers who seek to access sensitive information about the upcoming games, according to a report published by cyber security firm McAfee. The report says that the company’s analysts have discovered a campaign that targets organizations involved with the sporting event.
The McAfee report says that a malicious document was attached to an email sent to icehockey@pyeongchang2018.com, with other organizations on the BCC line. The report says: “Attached in an email was a malicious Microsoft Word document with the original file name 농식품부, 평창 동계올림픽 대비 축산악취 방지대책 관련기관 회의 개최.doc (“Organized by Ministry of Agriculture and Forestry and Pyeongchang Winter Olympics”)…The primary target of the email was icehockey@pyeongchang2018.com, with several organizations in South Korea on the BCC line. The majority of these organizations had some association with the Olympics, either in providing infrastructure or in a supporting role. The attackers appear to be casting a wide net with this campaign.”
As per McAfee, the campaign started on December 22, 2017 and the hackers “…originally embedded an implant into the malicious document as a hypertext application (HTA) file, and then quickly moved to hide it in an image on a remote server and used obfuscated Visual Basic macros to launch the decoder script”. It’s also explained that the hackers “… also wrote custom PowerShell code to decode the hidden image and reveal the implant”.
The email with the malicious document was sent from an IP address in Singapore. The hackers had spoofed the message so that it appeared to be sent from info@nctc.go.kr, an email address belonging to the NCTC (National Counter-Terrorism Center) in South Korea. Notably, the hackers timed the email to arrive while the NCTC was conducting physical anti-terror drills in the region as part of the preparations for the Olympic Games.
Since the spoofed source of the email suggests legitimacy, victims are very likely to be deceived and download the malicious document. The McAfee report clarifies that the message did not come from the NCTC, but from the hacker’s IP address in Singapore. The report further says: “The message was sent from a Postfix email server and originated from the hostname ospf1-apac-sg.stickyadstv.com. When the user opens the document, text in Korean tells the victim to enable content to allow the document to be opened in their version of Word.”
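The mismatch described above, a From address at nctc.go.kr on a message handed over by ospf1-apac-sg.stickyadstv.com, is something a receiving mail gateway can flag. The following Python code is an added example, not taken from McAfee's report; the function names, the `trusted_mx` parameter and the sample headers are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample, not the real message. The two addresses and the relay
# hostname are quoted in the article; IPs, MX names, date and verdicts are invented.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby inbox.example.net; Mon, 1 Jan 2018 09:00:05 +0900
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=nctc.go.kr;
\tdkim=none; dmarc=fail header.from=nctc.go.kr
Received: from ospf1-apac-sg.stickyadstv.com (unknown [203.0.113.10])
\tby mx.example.net; Mon, 1 Jan 2018 09:00:03 +0900
From: info@nctc.go.kr
To: icehockey@pyeongchang2018.com
Subject: constructed sample

body
"""

def aligned(host, domain):
    """True if host is the From domain or a subdomain of it (no public-suffix list needed)."""
    host, domain = host.lower().rstrip("."), domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def spoof_indicators(raw, trusted_mx):
    """Return reasons to distrust the From header, using only what trusted_mx stamped."""
    msg = message_from_string(raw)
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    findings = []
    # Received lines below our own MX's are sender-supplied, so read only ours.
    for rcv in msg.get_all("Received", []):
        m = re.search(r"from\s+([\w.-]+).*?\bby\s+([\w.-]+)", rcv, re.S)
        if m and m.group(2).lower() == trusted_mx.lower():
            if not aligned(m.group(1), from_dom):
                findings.append(f"relay {m.group(1)} is outside From domain {from_dom}")
            break
    # Likewise, honour only Authentication-Results whose authserv-id is our MX.
    for ar in msg.get_all("Authentication-Results", []):
        authserv, _, results = ar.partition(";")
        if authserv.strip().lower() != trusted_mx.lower():
            continue
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", results):
            if verdict != "pass":
                findings.append(f"{method}={verdict}")
    return findings

if __name__ == "__main__":
    for finding in spoof_indicators(SAMPLE, "mx.example.net"):
        print(finding)
```

The relay name in a Received line is what the connecting client announced, so a mismatch there is a weak signal on its own; the SPF, DKIM and DMARC verdicts recorded by your own server are the stronger one.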
The hackers also seem to be using the technique known as steganography, which hides malware in texts and images.
Targeting major sporting events seems to be emerging as a new trend in the world of cyber attacks. In September last year, McAfee published a detailed report discussing this. University of California researchers also reported, in October 2017, on cyber attacks targeting major sporting events.
The concluding section of the McAfee report states: “With the upcoming Olympics, we expect to see an increase in cyberattacks using Olympics-related themes.”