Hackers have targeted an attack at organisations involved in the Winter Olympics in South Korea and tried to access sensitive information, according to a report by cybersecurity firm McAfee.
The hacking campaign uses a previously unseen form of malware designed to hand control of the victim’s machine over to the attackers, said the report.
The attacks have been carried out via emails sent to various organisations which contained a malicious document that would create a hidden back channel in the computer if enabled. These emails are disguised as being sent by South Korea’s National Counter-Terrorism Council.
The campaign to target Pyeongchang Olympics began 22nd December 2017 with the most recent activity appearing 28th December.
According to the McAfee report, the primary target of the email was icehockey@pyeongchang2018.com, with several organisations in South Korea on the BCC line. The majority of these organisations had some association with the Olympics, either in providing infrastructure or in a supporting role. “The attackers appear to be casting a wide net with this campaign.”
The phishing email comes with a Microsoft Word document that, once opened, instructs the user in Korean to “enable content,” which allows Word to run macros, or repeated tasks, and which is a common red flag that a Word file is malicious.
South Korea, in September, has announced that it will dedicate $1.3 million for cybersecurity protection for the Olympics and has recruited a dedicated team to foil hacking attempts.
Despite some evidence about how the attacks took place, researchers haven’t been able to identify the perpetrator, however, they noted that whoever is behind the campaign must be fluent in the Korean language.
Researchers have also warned that in the run up to the Winter Olympics, attackers will continue to use the event as a lure to carry out cyber-attacks.
The announcement about the attack was made just days before North and South Korea are set to meet for a high-level discussion on Olympic cooperation.
In December, the US government had publicly attributed the WannaCry cyber-attack to North Korea after months of investigations. Other nations including United Kingdom, Australia, Canada, New Zealand and Japan have backed its claims and have joined in “denouncing North Korea for WannaCry.”
