A malware campaign has been unleashed against organisations involved with next month’s Pyeongchang Winter Olympics.
An email1 with a malicious Microsoft Word document attached was sent to a number of groups associated with the event, most of them targeting ice hockey organisations.
“The attackers originally embedded an implant into the malicious document as a hypertext application (HTA) file, and then quickly moved to hide it in an image on a remote server and used obfuscated Visual Basic macros to launch the decoder script,” security firm McAfee reported. “They also wrote custom PowerShell code to decode the hidden image and reveal the implant.”
The attackers appear to be casting a wide net, with several South Korean organisations included in the spam run. The majority of these had some link to the Olympics, either by providing infrastructure or in a supporting role.
Global gatherings such as the Olympics – where world leaders, businesses and governmental organisations converge on one location – make them a naturally attractive target for cyberspies. Travelling VIPs can be easier to target when they are abroad using a variety of techniques.
Read full news article on The Register