Gold Dragon Helps Olympics Malware Attacks Gain Permanent Presence on Systems, Reports McAfee

By CircleID Reporter

A report recently released by McAfee Advanced Threat Research (ATR) revealed a fileless attack targeting organizations involved with the Pyeongchang Olympics. It was known that the attack used a PowerShell implant to establish a channel to the attacker's server in order to gather basic system-level data. However what was not determined at that time was what occurred after the attacker gained access to the victim's system. Ryan Sherstobitoff and Jessica Saavedra-Morales from McAfee report: "[We] now discovered additional implants that are part of an operation to gain persistence for continued data exfiltration and for targeted access. We have named these implants, which appeared in December 2017, Gold Dragon, Brave Prince, Ghost419, and Running Rat, based on phrases in their code. ... We now believe this implant is the second-stage payload in the Olympics attack that ATR discovered January 6, 2018. The PowerShell implant [Gold Dragon] used in the Olympics campaign was a stager based on the PowerShell Empire framework that created an encrypted channel to the attacker's server."

Related topics: Cyberattack, Cybercrime, Cybersecurity, Malware