Security researchers have uncovered a sophisticated phishing campaign targeting organizations involved in the Pyeongchang Olympics with a weaponized Word doc, and using a range of obfuscation techniques to fly under the radar.

The malicious document is written in fluent Korean and named “Organized by Ministry of Agriculture and Forestry and Pyeongchang Winter Olympics”, according to McAfee.

It was aimed at a number of organizations providing infrastructure and support for the games, and was spoofed to appear to come from South Korea’s National Counter-Terrorism Center (NCTC), when in fact the IP address is in Singapore.

When the user clicks “Enable Content” in the doc, it launches a hidden PowerShell script.

Read full news article on Infosecurity