Cyber Attack on 2018 Winter Olympics detected!

245

While South Korea is preparing to host 2018 Winter Olympics between February 9th to 25th 2018 in Pyeongchang County, hackers, on the other hand, seem to be preparing well to attack the XXIII Olympic Winter Games with a wave of cyber threats.

Security analysts from Cybersecurity firm McAfee have discovered a cyber attack campaign targeting organizations involved with the Pyeongchang Olympics. They say that the attack campaign actually started to target Pyeongchang Olympics on December 22nd,2017. But the one which was launched on December 28th,2017 was detected by the researchers.

The attackers actually started the campaign by embedding an implant into a malicious document as a Hypertext Application (HTA) file, and then quickly chose to hide it with an image on a remote server and instead used a modified Visual Basic Macros to launch the decoder script.

McAfee researchers say that they have detected an email with a malicious attachment doing rounds from the end of last year. The attached email is said to have a Microsoft Word Document as an attachment with the following message written in the subject line in the Korean language. When translated the subject-line into English it is as follows-

“Organized by Ministry of Agriculture and Forestry and Pyeongchang Winter  Olympics”.

Hackers tried to primarily target the email at icehockey@pyeongchang2018 dot com with several organizations in South Korea on the BCC line.

Readers of Cybersecurity Insiders have to notify a fact over here that majority of organizations in BCC(Blind Carbon Copy) line was either those providing infrastructure or are the ones in a supporting role to the Winter Olympics 2018 event.

Law enforcement of South Korea has detected the latest infected email coming from the IP address 43.249.39.152 based in Singapore. The attacker spoofed the message in such a way that it made the recipients believe that the email was coming from the National Counter Terrorism Center(NCTC) in South Korea.

Analysts say that the timing of the email was perfect as the NCTC was preparing for a cyber threat drill of the similar sort at the same time in preparation for the Winter Olympic Games.

Note- On Saturday last week, North Korean leader Kim Jong Unaccepted the request of South Korean Government to pause his nation’s state-sponsored attacks on the Winter Olympics 2018. So, holding North Korea as a suspect might prove infantile in this case.

SHARE
Naveen Goud is a writer at Cyber Security Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security