Facebook Twitter Comments Slate Plus

Hackers Are Already Targeting the South Korean Winter Olympics

A South Korean man walks past the mascots of the 2018 PyeongChang Winter Olympic and Paralympic Games Soohorang (L) and Bandabi (R) on January 5, 2018 in Seoul, South Korea. North Korea accepted a proposal to hold talks with South Korea on Jan. 9 ahead of the Winter Olympics in February.
A South Korean man walks in front of the mascots of the 2018 PyeongChang Winter Olympic and Paralympic Games Soohorang (L) and Bandabi (R) on January 5, 2018 in Seoul, South Korea. Chung Sung-Jun/Getty Images

The Pyeongchang Olympic Games are still more than a month away but hackers are already working their magic, sending malware-infected emails to several organizations associated with the Winter Olympics that will be held in South Korea in February. The primary target of the malware campaign was icehockey@pyeongchang2018.com although several organizations tied to the Olympics were also targeted, according to cybersecurity firm McAfee, which warned about the threat in a report Saturday. “The attackers appear to be casting a wide net with this campaign,” McAfee said.

The hacker group that is sending out these infected emails is likely working on behalf of a government, with North Korea, China, and Russia seen as the most likely culprits, according to BuzzFeed. News of the hacking attempts comes shortly after North and South Korea agreed to begin talks on “issues related to improving inter-Korean relationships, including the Pyeongchang Olympic Games,” South Korean Unification Ministry spokesman Baik Tae-hyun told reporters Friday.

The campaign to target the Olympic Games that will be held in northeastern South Korea began as early as Dec. 22 with emails that included a malicious Microsoft Word document with the file name “Organized by Ministry of Agriculture and Forestry and Pyeongchang Winter Olympics.” The message was spoofed to make it look like it came from info@nctc.go.kr, which is South Korea’s National Counter-Terrorism Center when it was actually sent from Singapore. The use of that agency is significant considering that it was in the middle of conducting antiterror drills in the region ahead of the games when the emails went out.

When the Word document is opened, the user is asked to enable content, usually a red flag for malicious content. Once that happens, the user gives hackers pretty much free reign over his or her machine. “Based on our analysis, this implant establishes an encrypted channel to the attacker’s server, likely giving the attacker the ability to execute commands on the victim’s machine and to install additional malware,” McAfee said.

“From what we can tell, they’re trying to potentially establish the ability to gather information on chatter, communications around the upcoming Olympics,” Ryan Sherstobitoff, a senior researcher at McAfee Advanced Threat Research, said. “With any espionage activity, there’s a first stage reconnaissance to understand who is interesting.”

McAfee warned this type of cyberattack is likely to become more common as the Olympics gets closer.

We Need to Talk About Your Ad Blocker

Slate relies on advertising to support our journalism. If you value our work, please disable your ad blocker.

Enable Ads on Slate

Want to Block Ads But Still Support Slate?

By joining Slate Plus you support our work and get exclusive content. And you'll never see this message again.

Join Slate Plus
Illustration depicting a colorful group of people using an array of mobile devices