Olympic Destroyer, the threat actor that caused a crippling sabotage attack on the networks supporting this year’s Winter Games in Pyeongchang, South Korea, has resurfaced with a spy campaign – and with a wider target range.
The new campaign began last month and is ongoing, employing spear-phishing documents that share much in common with the weaponized documents used in the Olympics attack. According to analysis from Kaspersky Lab, these indicators – such as using a non-binary executable infection vector and obfuscated scripts to evade detection – point to the same group being behind both attacks.
Read more…
Source: ThreatPost