The Pyeongchang Olympic Games are still more than a month away but hackers are already working their magic, sending malware-infected emails to several organizations associated with the Winter Olympics that will be held in South Korea in February. The primary target of the malware campaign was firstname.lastname@example.org although several organizations tied to the Olympics were also targeted, according to cybersecurity firm McAfee, which warned about the threat in a report Saturday. “The attackers appear to be casting a wide net with this campaign,” McAfee said.
The hacker group that is sending out these infected emails is likely working on behalf of a government, with North Korea, China, and Russia seen as the most likely culprits, according to BuzzFeed. News of the hacking attempts comes shortly after North and South Korea agreed to begin talks on “issues related to improving inter-Korean relationships, including the Pyeongchang Olympic Games,” South Korean Unification Ministry spokesman Baik Tae-hyun told reporters Friday.
The campaign to target the Olympic Games that will be held in northeastern South Korea began as early as Dec. 22 with emails that included a malicious Microsoft Word document with the file name “Organized by Ministry of Agriculture and Forestry and Pyeongchang Winter Olympics.” The message was spoofed to make it look like it came from email@example.com, the address of South Korea’s National Counter-Terrorism Center, when it was actually sent from Singapore. The use of that agency is significant considering that it was in the middle of conducting antiterror drills in the region ahead of the games when the emails went out.
When the Word document is opened, the user is asked to enable content, usually a red flag for malicious content. Once that happens, the user gives hackers pretty much free rein over his or her machine. “Based on our analysis, this implant establishes an encrypted channel to the attacker’s server, likely giving the attacker the ability to execute commands on the victim’s machine and to install additional malware,” McAfee said.
“From what we can tell, they’re trying to potentially establish the ability to gather information on chatter, communications around the upcoming Olympics,” Ryan Sherstobitoff, a senior researcher at McAfee Advanced Threat Research, said. “With any espionage activity, there’s a first stage reconnaissance to understand who is interesting.”
McAfee warned this type of cyberattack is likely to become more common as the Olympics get closer.