Despite the fact that the Olympics and Winter Olympics wanted to praise human spirit, it has gone all wrong since others never understood the meaning of human spirit. The Olympics was used in the Cold War as to distinguish the dominant hand between the Soviet communism and the American capitalism.
Hackers successfully targeted many Olympic organization bodies linked with the event even before the event has started. That took place in the 2018 Pyeongchang Winter Olympics. The newest attack was attributed to an anonymous internet connection shutdown.
Cyber Shutdown during Opening Ceremony
Briefly, the internet and WiFi connection corrupted in the opening ceremony, and it was mentioned that such crash was not fixed even the day after. However, the technological advancements in the opening ceremony continued as planned, and that was because of the presence of some distinguished researchers and experts from South Korea.
In the following days, more updates will pop up about whether the attack was DDos or just a human error. Many similar actions took place earlier, that is why researchers and experts quickly clear off these malware from known groups. However, it was something unique in the case of the Winter Olympics.
Operation PowerShell Olympics
McAfee researchers spend distinguished effort in finding fileless malware organizations accused in the case of the 2018 Winter Olympics. To execute in-memory attack, PowerShell was used as a backdoor, which is an obsolete method that uses the email as a medium to propagate in. However, what makes this malware different is that it has never been encountered before, where Ryan Sherstobitoff believes that it was made uniquely with a purpose, which shows a great deal of proficiency and money behind it.
A single mouse click on these fake messages will immediately launch Visual Basic macro that initiates PowerShell script. As mentioned earlier, this is an obsolete method. But in this case, the PowerShell script downloads an image file that has another built-in PowerShell script present by an open source tool called Invoke-PSImage, which puts you in a loop-hole. This tool was incorporated after few days of its release, which is a recorded time. This tool makes the user capable of hiding data inside a carrier file that can have various formats. The script is strengthened and made complex by using string-format operators that make it impossible to be caught upon its execution.
According to the records of McAfee, the organizations linked to the Olympics are not safe as such attack can be done again in another campaign since the malware is sophisticated. Unfortunately, the only current way to defend against such attacks is not to open the malware and fake emails and attachments sent to you by strangers. And even if you receive attachments from people you know, deal with these attachments carefully to not regret more consequences later on.
Related Article: The Attack on Faraday Cage Protected Equipment