Pyeongchang Winter Olympics under attack by well-trained hacker group
The Pyeongchang Winter Olympics have recently been hit with an infected Word document. Our cybersecurity team just found a brilliant and well-designed phishing campaign in which a file named “Organized by Ministry of Agriculture and Forestry and Pyeongchang Winter Olympics”, written in fluent Korean, was targeting multiple companies involved in infrastructure support for the games.
Using obfuscation techniques, the sender spoofed the origin of the doc file to mask the original IP address, which is in Singapore, and to make the message appear to come from South Korea’s National Counter-Terrorism Center (NCTC).
The attack runs a well-designed PowerShell script as soon as the file is opened and the Enable Content button is clicked.
Our cybersecurity researchers analyzed this malware and discovered that an open-source tool named Invoke-PSImage was used to embed the PowerShell script into an image file.
With this kind of tool, the malicious code is hidden inside the pixels of an image, making it invisible and not detectable by traditional security software.
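As an added illustration (not code from the original article or from the Invoke-PSImage project), the following Python shows how an analyst could triage an image for script text hidden in pixel values. It assumes one payload byte per pixel, split across the low four bits of the blue and green channels; that layout, the keyword list and the sample pixels are assumptions constructed for this example.

```python
import string

PRINTABLE = frozenset(string.printable.encode())
# Hypothetical keyword list for scoring recovered text; tune for your environment.
KEYWORDS = (b"powershell", b"invoke-", b"iex", b"new-object", b"frombase64string")

def extract_low_nibbles(pixels):
    """One byte per (R, G, B) pixel: blue low nibble is the high half,
    green low nibble is the low half (assumed layout, see lead-in)."""
    return bytes(((b & 0x0F) << 4) | (g & 0x0F) for _r, g, b in pixels)

def printable_prefix(data):
    """Leading run of printable ASCII; natural-image nibbles break it almost at once."""
    n = 0
    while n < len(data) and data[n] in PRINTABLE:
        n += 1
    return data[:n]

def triage(pixels, min_len=32):
    """Return (suspicious, keyword_hits) for a pixel sequence in scan order."""
    text = printable_prefix(extract_low_nibbles(pixels))
    lowered = text.lower()
    hits = [k.decode() for k in KEYWORDS if k in lowered]
    return len(text) >= min_len and bool(hits), hits

# Constructed sample input (not taken from the campaign): a harmless one-liner
# placed in the low nibbles of otherwise empty pixels, followed by filler pixels.
SAMPLE_TEXT = b"Write-Output 'constructed sample'; $o = New-Object System.Object"
SAMPLE_STEGO = [(0, c & 0x0F, c >> 4) for c in SAMPLE_TEXT] + [(200, 0x80, 0x10)] * 16
# Constructed clean image: a simple colour ramp with no hidden text.
SAMPLE_CLEAN = [((i * 7) % 256, (i * 13) % 256, (i * 29) % 256) for i in range(256)]

if __name__ == "__main__":
    for name, px in (("stego", SAMPLE_STEGO), ("clean", SAMPLE_CLEAN)):
        print(name, triage(px))
```

On real files the pixel list would come from an image library in row-major order; the signal is a long run of readable script text where an ordinary picture yields near-random nibbles.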
The malware can hijack the infected computer and update itself with new content, using an encrypted channel to reach the cybercriminals' C&C server located in South Korea.
Our cybersecurity team also found another type of this attack, in which the same PowerShell script was obfuscated in the .doc using an HTA file named Error733.hta. This increases its chance of success because it runs as soon as the file is clicked, without needing the Enable Content button to be pressed.
The number of infections will go even higher as the Winter Olympics approach, and more attacks will be used on the companies involved.
Our cybersecurity analyst strongly advises every user to follow good security habits, such as never opening a file from an unknown source and always scanning files downloaded from cyberspace with a top antivirus, to keep their devices clean and their data safe.
CyberByte Antivirus comes in two flavors:
MacOS Version - the free download Mac antivirus available on our website (https://mac.cyberbyte.org)
Windows Version - the free download Windows antivirus available on our website (https://pc.cyberbyte.org)
The free antivirus has limited features.