"Olympic Destroyer" malware attack on Winter Olympics opening ceremony confirmed
On Saturday the 10th of February, shortly before the Winter Olympics opening ceremony was set to commence, the official Pyeongchang 2018 website went down. Spectators attending the event were unable to print their tickets, while at the official media center inside the stadium the Wi-Fi dropped out, leaving reporters unable to report on the event.
The Guardian quickly reported that a cyber attack was being investigated as the possible source of the disruption, and within 24 hours these suspicions were confirmed, with Olympic officials revealing that a cyber attack on the event did in fact take place.
Now security researchers from Cisco's Talos intelligence team have analyzed samples of the malware and verified the infection was a direct attack on the digital infrastructure of the event aimed at disrupting the games. Talos analysts Warren Mercer and Paul Rascagneres have dubbed the malware "Olympic Destroyer", as it seemed to have no function other than to disrupt computer systems related to the Olympic event.
Digging into the code, the analysts found specific references to the Pyeongchang 2018 domain and said that the author of the malware was aware of "a lot of technical details of the Olympic Game infrastructure such as username, domain name, server name and obviously password."
"During destructive attacks like this there often has to be a thought given to the nature of the attack," write Mercer and Rascagneres in a blog post outlining their investigations. "Disruption is the clear objective in this type of attack and it leaves us confident in thinking that the actors behind this were after embarrassment of the Olympic committee during the opening ceremony."
Mercer and Rascagneres have not identified a specific delivery mechanism or source at this stage, and Olympics officials refuse to speculate until their internal investigations have been completed. The Russian foreign ministry has already issued a statement denying any involvement in the attacks, saying, "We know that Western media are planning pseudo-investigations on the theme of 'Russian fingerprints' in hacking attacks on information resources related to the hosting of the Winter Olympic Games in the Republic of Korea."
This isn't the first cyber attack on the Pyeongchang Winter Olympics, with McAfee Labs reporting in early January the discovery of a malicious email campaign targeting individuals involved in the event. Attached to the suspicious email was a Word document with code designed to hijack a victim's computer and spread more malware.
It is yet to be determined whether these attacks are coming from a single nation-state or are just the work of an assortment of rogue hackers, but both the McAfee and Talos studies indicate the malware is reasonably sophisticated and targeted directly at the Winter Olympic event.
Source: Cisco Talos