The Winter Olympics in Pyeongchang, South Korea start next month and hackers are using the pretext of the games to launch phishing attacks featuring custom malware that, if downloaded, allows an attacker to take control of a device.
McAffee has named the malware “Operation PowerShell Olympics,” which was discovered in December when it was sent to Olympics staff members responsible for the ice hockey competition.
Thus far, the attack seems to be focused on individuals and organizations that provide support to the games in the form of infrastructure, and as such, appear to be aimed at disrupting the games.
The emails in question are spoofed, but look like they were sent by the South Korean National Counter-Terrorism Center. They are in the Korean language, although the emails bear a Singapore IP address—something that can also be intentionally misleading.
A classic phishing email, the message is brief and geared toward getting the recipient to click on a document, which, once opened, instructs the user to enable the content. If that instruction is followed, the malware downloads using an opensource process released about a month ago that is able to launch something called a fileless malware attack (follow the link if you are not familiar with this particular variety of attack because it’s fascinating).