The information security company, McAfee, recently identified spear-phishing activity targeting the February 2018 Winter Olympics due to be held in South Korea.
This highly tailored campaign was aimed at a number of South Korean organisations supporting the Games and made use of custom-made fileless malware and steganography. The phishing emails were written in the Korean language and purported to be from the South Korean National Counter Terrorism Centre, and coincided with drills being carried out in preparation for the Games. They contained a malicious Word document that, if opened, would run a hidden PowerShell script, enabling the attackers to execute commands and install further malware. The objectives of the campaign are unclear, but could include gaining access to data for financial gain, extortion, or gathering intelligence on the planning around the Games.
In addition to this specific campaign targeting organisations associated with the Games, events such as these are often used by cyber criminals and other cyber actors as a basis for phishing or social engineering attacks against the public.