The Winter Olympics opening ceremony was set to commence on the 10th of February, Saturday. Just before the ceremony started, the official Pyeongchang 2018 website went down. Spectators attending the event were not able to print their tickets, and the stadium WiFi dropped out, preventing reporters from reporting on the event.
The Guardian reported that a cyber attack was being investigated as the source of all the disruption. These suspicions were confirmed within 24 hours, and the attack was dubbed the Olympic Destroyer. The Olympic officials revealed that a cyber attack did actually take place.
Security researchers from Cisco’s Talos intelligence team have been analyzing the malware and have verified that it was a direct attack on the digital infrastructure of the event and was aimed towards disrupting the games. The analysts Warren Mercer and Paul Rascagneres named it the Olympic Destroyer as it has no apparent function other than disrupting the computer systems related to the Olympic event.
On further digging into the code, the researchers found that the malware was instigated by someone with “a lot of technical details of the Olympic Game infrastructure such as username, domain name, server name and obviously password.” It had specific reference targets in the Pyeongchang 2018 domain.
“During destructive attacks like this there often has to be a thought given to the nature of the attack,” write Mercer and Rascagneres in a blog post outlining their investigations. “Disruption is the clear objective in this type of attack and it leaves us confident in thinking that the actors behind this were after embarrassment of the Olympic committee during the opening ceremony.”
The delivery mechanism or source has not been identified by the researchers and the officials are refusing any statements until their internal investigation bears results. The Russian foreign ministry has already denied involvement before any fingers are pointed at them. “We know that Western media are planning pseudo-investigations on the theme of ‘Russian fingerprints’ in hacking attacks on information resources related to the hosting of the Winter Olympic Games in the Republic of Korea.”
This is not the first time the Winter Olympics has been attacked by malware. McAfee Labs reported in early January that a malicious email campaign was underway targeting individuals involved in the event. A Word document attached to the email contained code to hijack the victim’s computer and to spread more malware.
It is still unknown if a specific nation is behind the Olympic Destroyer or if it is a group of rogue hackers. However, it has been confirmed by both McAfee and Talos that the malware is reasonably sophisticated and is targeted directly at the Winter Olympics.
We will know more details once the internal investigation is complete.