EXECUTIVE SUMMARY:

A hacker group, suspected of working for a government, has launched a targeted phishing attack at participants and organizers of the upcoming Winter Olympics in Seoul.

Beginning Dec. 28, hackers used an email address that was spoofed to appear to come from South Korea’s National Counter-Terrorism Council to try to spread malware. Their target was icehockey@pyeongchang2018.com, an email address that is used to manage hockey operations in Pyeongchang. At least 50 others with ties to the upcoming Olympics also received the email–including ski resorts hosting competitions, a nearby airport, and government employees.

To infect the computers receiving the email, the cyberattackers used a Microsoft Word document that directed users in Korean to “enable content.” Following that instruction would let Word run macros, or repeated tasks. As Kevin Collier from BuzzFeed reports, that typically signals that a Word file is malicious. “Once enabled, the file runs script crafted to hide its tracks and creates an encrypted channel that allows the attacker to quietly run commands and install additional programs on the victim’s computer,” writes Collier.

Interestingly, this comes just a few months after a report from UC Berkeley’s Center for Long-Term Cybersecurity, which asserts on its website that the integration of new technologies into major sporting events creates cause for cybersecurity concern. “…The proliferation of new technologies in major sporting events—from digital display panels in stadiums to online ticketing systems to artificial intelligence-based scoring software—opens the door to cyberattacks that could threaten public safety, diminish the fan experience, and undermine the integrity of competition.”

At this point, it is uncertain who is behind the attack, and how many people might have been tricked by the email.

Read the full story at BuzzFeed News.