South Korea is hosting the Winter Olympics from 9 to 25 February 2018 in Pyeongchang County. Security researchers at McAfee have identified a spear-phishing campaign aimed at the Games.
The attackers are targeting organizations involved in the Winter Olympics. Their goal is to harvest sensitive information (identification details and financial data) and to use the compromised systems as a foothold against larger organizations linked to them.
Several groups affiliated with the 2018 Winter Olympics received the malware by e-mail during December 2017 and early January 2018. The attachment is a malicious document which, if the recipient enables its content, opens a hidden back channel on the computer for the attackers to use.
“The attackers originally embedded an implant into the malicious document as a hypertext application (HTA) file, and then quickly moved to hide it in an image on a remote server and used obfuscated Visual Basic macros to launch the decoder script. They also wrote custom PowerShell code to decode the hidden image and reveal the implant,” McAfee wrote. When the recipient makes the mistake of enabling the macro, a PowerShell script is launched. The script downloads and reads an image file and, in McAfee's words, “carves out a hidden PowerShell implant script embedded within the image file to execute.” The steganography tool embeds the script into the image's pixel data, so the malicious code is hidden among ordinary pixel values rather than shipped as a recognizable script file.
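The carve-out step above is easier to reason about with a concrete scheme. The Python below is an added example written for this page, not code from McAfee or from the attackers, and the bit layout it uses is an assumption (a 4-byte length header followed by one payload bit in the least significant bit of each pixel byte); the real tool's layout is not described here. It embeds a harmless stand-in script into a constructed pixel buffer, carves it back out, and applies a simple triage check that a defender could run over images fetched by a script host.

```python
"""Added example: hide a script in image pixel LSBs and carve it back out.

Not code from the page, McAfee, or the attackers. The bit-packing scheme
(4-byte big-endian length header, then one payload bit per pixel byte)
is an assumption made for illustration only.
"""
import struct

HEADER_FMT = ">I"  # 4-byte big-endian payload length


def embed_lsb(pixels: bytes, payload: bytes) -> bytes:
    """Return a copy of `pixels` whose least significant bits carry
    a length header followed by `payload`, most significant bit first."""
    blob = struct.pack(HEADER_FMT, len(payload)) + payload
    if len(blob) * 8 > len(pixels):
        raise ValueError("cover image too small for payload")
    out = bytearray(pixels)
    for i, byte in enumerate(blob):
        for bit in range(8):
            idx = i * 8 + bit
            b = (byte >> (7 - bit)) & 1
            out[idx] = (out[idx] & 0xFE) | b  # overwrite only the LSB
    return bytes(out)


def carve_lsb(pixels: bytes) -> bytes:
    """Reassemble the hidden bytes from the LSB plane: read the header,
    then exactly that many payload bytes. Raises if the header is absurd."""

    def read_bytes(offset: int, count: int) -> bytes:
        result = bytearray()
        for i in range(count):
            val = 0
            for bit in range(8):
                val = (val << 1) | (pixels[(offset + i) * 8 + bit] & 1)
            result.append(val)
        return bytes(result)

    length = struct.unpack(HEADER_FMT, read_bytes(0, 4))[0]
    if (4 + length) * 8 > len(pixels):
        raise ValueError("declared payload length exceeds image size")
    return read_bytes(4, length)


# Tokens a defender would expect in a PowerShell stage; assumed, not from the page.
SCRIPT_MARKERS = (b"Invoke-", b"IEX", b"FromBase64String",
                  b"DownloadString", b"Write-Host")


def looks_like_script(data: bytes) -> bool:
    """Triage heuristic: mostly printable ASCII plus a PowerShell token."""
    if not data:
        return False
    printable = sum(32 <= c < 127 or c in (9, 10, 13) for c in data)
    return printable / len(data) > 0.95 and any(m in data for m in SCRIPT_MARKERS)


def scan_image(pixels: bytes) -> bool:
    """True if the LSB plane carves out something that reads like a script."""
    try:
        return bool(looks_like_script(carve_lsb(pixels)))
    except ValueError:
        return False  # no sane header: treat as a clean image


# Constructed cover: a smooth gradient standing in for raw pixel bytes.
COVER = bytes(range(256)) * 4
# Constructed, harmless stand-in for the hidden PowerShell implant.
SAMPLE_IMPLANT = b'Write-Host "constructed sample implant"'


def demo() -> bytes:
    """Embed, carve, and return the recovered bytes for inspection."""
    stego = embed_lsb(COVER, SAMPLE_IMPLANT)
    return carve_lsb(stego)


if __name__ == "__main__":
    recovered = demo()
    print(recovered.decode())
    print("stego flagged:", scan_image(embed_lsb(COVER, SAMPLE_IMPLANT)))
    print("clean flagged:", scan_image(COVER))
```

The point for a defender is the last function: an image that a script host downloads and whose LSB plane decodes to printable PowerShell is a strong indicator on its own, independent of whatever the macro looked like. A real detection would also key on the behaviour (a Word macro spawning PowerShell that fetches an image and then executes more PowerShell), since the bit layout is the attacker's to change.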
This attack is classified as spear phishing. The e-mail purports to come from the National Counter Terrorism Center (NCTC) in South Korea; the messages were actually sent from an IP address located in Singapore, with the sender spoofed to look like the legitimate NCTC. The timing was chosen well, since the NCTC was sending many e-mails at the time as part of a counter-terrorism drill for the Olympics.
The campaign is therefore best described as a socially engineered, spoofed spear-phishing attack. The Olympics bring together large numbers of people and technologies under tight deadlines, which gives attackers a tailor-made opportunity.
Attack techniques: macro malware, spear phishing, sender spoofing, social engineering.