In a recent cyber attack, hackers targeted organizations connected with holding the Winter Olympics next month in Korea.
According to security reports, the aim of the hacking was to obtain certain sensitive information.
According to McAfee, a security company, the attacks began on December 22. The phishing attacks were targeted at companies that are involved with the infrastructure to be provided for the Winter Olympic Games, to be held next month in Pyeongchang, South Korea.
The malware allowed the hackers to gain remote control over the victim’s computer.
Attack on Games
The malware attack on the 2018 Winter Olympics has been dubbed “Operation PowerShell Olympics,” according to McAfee Labs, which revealed the hacking attempt of December 2017.
According to the researchers, the malware attack is something new and unique, and has been customized by the hackers.
McAfee experts explain in a detailed blog post that the hackers used the tool Invoke-PSImage to hide malicious code within the pixels of an image file.
When the image was decoded, the malicious program was revealed.
Such a customized attack shows that there was an entire organization involved in the hacking that aimed at getting information from the targets.
Those behind the hack were also using fileless attacks, a technique hackers have commonly used during the past year.
How it Works
The hacking started with emails being sent to the victims, appearing as if they had come from the National Counter-Terrorism Center (NCTC) in South Korea.
The email address seemed genuine, displaying what appeared to be official messages from NCTC. However, these emails were actually sent from IP addresses based in Singapore.
The attackers first embedded the malicious documents in the form of an HTA file.
They then moved to hiding the code in images on remote servers.
Visual Basic macros were used to launch the decoder scripts, and customized PowerShell code was used to decode the hidden images.
Once the document was opened, it would tell the victim to click on it in order to enable the content within. The hackers would then gain access to the victim’s computer, enabling them to execute any command they wished and to install more malware onto the computer.
The aim of these phishing emails was to make the targets open a Microsoft Word document. Through this, the hackers could access the victims’ computers through a backdoor to steal data or take complete control over the machine.
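The chain described above (a Word document whose macro launches script hosts and PowerShell that decodes an image) leaves a recognizable process lineage. The following is an added example, not code from McAfee or the original article: it triages constructed process-creation events, and it assumes that pixel-decoding one-liners reference `System.Drawing.Bitmap` or `GetPixel`.

```python
import re

# Constructed process-creation events (parent image, child image, command line).
# Field names are hypothetical; none of these values come from the real campaign.
SAMPLE_EVENTS = [
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "cmd": r'WINWORD.EXE /n "C:\Users\a\Downloads\notice.docx"'},
    {"parent": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": 'powershell.exe -nop -w hidden -c "$b=New-Object '
            'System.Drawing.Bitmap(...); $b.GetPixel(0,0)"'},
    {"parent": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\mshta.exe",
     "cmd": r"mshta.exe C:\Users\a\AppData\Local\Temp\x.hta"},
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": "powershell.exe Get-ChildItem"},
]

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "mshta.exe", "wscript.exe", "cscript.exe"}
# Assumption: image-pixel decoders in PowerShell use these .NET names.
PIXEL_DECODE = re.compile(r"system\.drawing\.bitmap|getpixel", re.I)
HIDDEN = re.compile(r"-w(in(dowstyle)?)?\s+hidden", re.I)

def basename(path):
    """Lower-cased file name from a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def triage(event):
    """Return the names of the rules an event matches (empty list = clean)."""
    hits = []
    parent, child = basename(event["parent"]), basename(event["image"])
    if parent in OFFICE and child in SCRIPT_HOSTS:
        hits.append("office_spawns_script_host")
    if child == "powershell.exe" and PIXEL_DECODE.search(event["cmd"]):
        hits.append("powershell_reads_image_pixels")
    if child == "powershell.exe" and HIDDEN.search(event["cmd"]):
        hits.append("powershell_hidden_window")
    return hits

def flagged(events):
    """(index, matched rules) for every event that matches at least one rule."""
    return [(i, triage(e)) for i, e in enumerate(events) if triage(e)]

if __name__ == "__main__":
    for idx, rules in flagged(SAMPLE_EVENTS):
        print(idx, basename(SAMPLE_EVENTS[idx]["image"]), rules)
```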
Targeting the Olympics
The hacking campaign was targeted at the Winter Olympics, as the event always involves billions of dollars along with a lot of geopolitical undercurrents in play.
The hacking plan of December 2017 was targeted at infrastructure and organizations related to the planning and direction of the Olympics, as well as the operational companies behind the event.
Most of the organizations attacked had a connection with the Olympics to be held next month. The hackers appeared to be gathering more insight into the 2018 Winter Olympics than is publicly available.
Many of the victims had email addresses of organizations connected with ice hockey.
Such hacking attacks regularly take place during the Olympics and other major world events, according to cybersecurity experts.
That said, the number of threats targeting the Olympics has been slowly increasing over the past few years.
With just one month left before the Olympics this year, cybersecurity experts expect more attacks leading up to the event.
The next few attempts might be even more malicious and on a larger scale.