Winter Olympic of 2018 is being Targeted by Fileless Malware

The Forthcoming Winter Olympic is on target by hackers with a malware campaign coordinated at the organization that gives infrastructure and other help to the Games.

The campaign victimized various organizations associated with Olympic as well as Paralympic Winter Games, going to happen in South Korea’s Pyeongchangin February. It utilizes a new and unique type of malware intended to hand control of the system of the victim, which they can manipulate.

McAfee stated, the known victims and the organizations who are giving infrastructure and support to the Olympic are all from South Korea. This attack is depending on PowerShell as other fileless malware attack to execute an in-memory attack that makes an indirect access. It’s likewise arriving, in the same way as other attack, by means of email in noxious Word document as per the post on on 08/01/2018.

Ryan Sherstobitoff, McAfee’s analyst explained our sister website ZDNet, though the method is old, but a specific malware has been used which is the latest version of malware and is custom made by the attackers.

The attacks initiate with emails intend to look like originate from the South Korean National Counterterrorism Center and the email address look genuine. The hacker spoofed the emails in such a way so that the messages appear to be like an official, coming from NCTC. Emails are coming from the IP address of Singapore, as believed by analysts.

In the phishing message that is sent in Korea is discussing about the document from a South Korean government organization and also about Pyeongchang Olympics. The email points out the victim to an attached Word file, with a file name which interpret as ‘Sorted out by the Ministry of Agriculture and Forestry and also the Pyeongchang Winter Olympics’.

After opening the file ask the users to click to open the content. If it’s done, it permits the macros for introducing the malware to run through a concealed PowerShell content.

Source: spamfighter