Sochi Olympics-Themed Malware Emails Reference Terrorism and Military Cooperation

Emails used in targeted attacks

Some interesting malware distribution campaigns made the rounds during the recent Sochi Olympics. Security researchers from Symantec have analyzed some of these emails.

One of the emails spotted by experts carried the subject line “Terrorist threat to Sochi Olympics.” The body of the email only contained the text “for your reference.”

However, an archive file attached to the messages, named “Terrorist Threat to Sochi Olympics.rar,” was found to contain a version of Backdoor.Darkmoon, a remote access Trojan (RAT) that’s often used in targeted attacks.

In fact, the same RAT was sent via email in September last year to individuals interested in the G20 Summit.

Another Sochi Olympics-themed malware email identified by researchers referenced “military-technical cooperation.” These malicious notifications were sent out just before the start of the big event to specific targets.

“Sochi 2014 Winter Olympics will start tomorrow. We want to thank you for the military and security assistance to Russia. It opens new frameworks and new boundaries for our further work in the sphere of military-technical cooperation. Please find the detailed Sochi 2014 cooperation program,” the emails read.

Of course, the attachment had nothing to do with the cooperation program. Instead, it was Trojan.Wipbot, another threat used in targeted attacks.

“These attacks highlight the ongoing need for vigilance when receiving any unsolicited emails. They also reinforce what is already known — targeted attackers are quick to make use of the latest news or events to enhance the chances of success for their social engineering ploy. The campaigns also highlight how targeted email attacks are showing no sign of dissipating anytime soon,” Symantec experts noted.

A lot of malicious cyber activity was spotted before and during the Olympics. While the emails described here were part of targeted campaigns, experts also spotted several schemes aimed at regular Internet users.

For instance, people in Russia were sent 419 scam emails that promised them a lot of money in return for their assistance.

Malware distribution campaigns were also seen. Users who searched for live streaming from their mobile phones might have stumbled upon sites set up to spread mobile banking Trojans.

Finally, who can forget NBC’s controversial Sochi hacking story? NBC News presented a report that suggested all those who visited Sochi would be immediately hacked. While the story was sensationalized (a lot), it didn’t change the fact that all those visiting the games and people interested in the event were targeted by hackers.
