• by Ray Schultz , January 8, 2018

A cyber attack has been launched against organizations involved with the Winter Olympics in Pyeongchang, South Korea. 

McAfee Advanced Threat Research analysts say these groups have received emails containing a malicious Microsoft Word document.

According to McAfee, most recipients provide either an infrastructure or support to the Olympics.

The campaign began on December. 22, 2017, and the most recent activity was on December 28, McAfee says.  

McAfee reports that “the attackers originally embedded an implant into the malicious document as a hypertext application (HTA) file, and then quickly moved to hide it in an image on a remote server and used obfuscated Visual Basic macros to launch the decoder script.” 

It adds: “They also wrote custom PowerShell code to decode the hidden image and reveal the implant.”

The message appears to be from the National Counter-Terrorism Center (NCTC) in South Korea, which could lead victims to take it seriously. 

“Based on our analysis of the email header, this message did not come from NCTC, rather from the attacker’s IP address in Singapore,” McAfee continues.