Cyber experts identify destructive malware used against Olympics
Cybersecurity experts say they have identified a destructive malware campaign likely used in a cyberattack against the 2018 Olympic Winter Games during the opening ceremony on Friday.
Experts at Cisco’s threat intelligence arm Talos have dubbed the malware “Olympic Destroyer,” saying that initial analysis indicates that the malware was designed to destroy data.
Officials organizing the 2018 games in Pyeongchang, South Korea, said Sunday that a cyberattack impacted the games’ systems, resulting in technical failures during the opening ceremony, according to Reuters.
Organizers have not disclosed much publicly about the incident, which disrupted internet access and Wi-Fi during the opening ceremonies and also took the Olympics website offline. It remains unclear who was behind the attack.
“We are not going to comment on the issue. It is one we are dealing with. We are making sure our systems are secure and they are secure,” a spokesman for the International Olympic Committee told Reuters.
In a blog post, Talos said it had identified, with “moderate confidence,” malware samples used in the attack. The experts explained that the unknown attackers likely aimed to disrupt the games, rather than steal data.
“The infection vector is currently unknown as we continue to investigate,” Talos said in the blog post. “Disruption is the clear objective in this type of attack and it leaves us confident in thinking that the actors behind this were after embarrassment of the Olympic committee during the opening ceremony.”
Separately, an expert at CrowdStrike said the cybersecurity firm had identified a new family of malware targeting the Olympics that first emerged Friday, the day of the opening ceremony, and was apparently designed to destroy data.
“The impact of the attack is currently unknown, and the analysis of the identified malware samples is ongoing. CrowdStrike will report further findings as they become available,” Adam Meyers, CrowdStrike’s vice president of intelligence, said in a statement.
There were signs leading up to the 2018 games that hackers were targeting Olympic-related organizations. Experts pointed to an uptick in spoofed domains imitating Olympic organizations like the World Anti-Doping Agency (WADA), as well as an increase in attempted attacks targeting Olympic supporting systems.
There have been broad suspicions that Russia would look to target the winter games after the International Olympic Committee barred Moscow from competing over allegations of a state-sponsored doping scheme. Evidence began to emerge last month that Fancy Bear, a cyber espionage group linked to Russia, had begun to target Olympic organizations with hacks. Fancy Bear, also known as APT28, is widely believed to have been responsible for the hacks targeting the Democratic National Committee and Hillary Clinton campaign chair John Podesta before the 2016 U.S. presidential election.
“We have anticipated an attack of some nature on the events for quite a while, particularly by a Russian actor,” John Hultquist, director of analysis at FireEye’s intelligence analysis team, said. “Actors like APT28 have unceasingly harassed organizations associated with the games and the Russians have been increasingly willing to leverage destructive and disruptive attacks.”