On Sunday, officials overseeing the 2018 Winter Olympic games in Pyeongchang, South Korea, confirmed to The Guardian and other outlets that Friday’s opening ceremony was targeted by an attempted hack. Despite confirming the news, however, the South Koreans refused to acknowledge or respond to the rumor that the cyber attack had been carried out by Russian or Russia-affiliated hackers. Now Motherboard is reporting that Talos researchers with the cybersecurity firm Cisco have determined what precisely went down on Friday, and who may have been responsible.
In an email to Motherboard, Talos technical leader Warren Mercer explained, “The attacker was quite sure to disrupt services but they did not make it a full scale machine wiping mission, for now.” In a blog post published on Monday, the firm identified the malware it believes was responsible for Friday’s disruptions, which included interruptions to the stadium’s WiFi, internet, and television services. Calling it “Olympic Destroyer,” the researchers said it steals browser and system passwords, then uses these to infiltrate the target network. It’s similar to hacks deployed previously by Russian groups, though Talos doesn’t outright blame Russia:
Although Talos does not point to any particular group or country as being responsible for the malware’s creation or deployment, it does note a number of similarities with other malware campaigns. One technique used as a communication channel to the initial stage of the malware is the same as one used during the recent BadRabbit and Nyetya attacks. The United States’s CIA has attributed Nyetya — also known as NotPetya, which ravaged computers especially in Ukraine — to Russian military intelligence, the Washington Post reported in January.
Likely Russian hackers have already been on the offensive against the Olympics and sports world writ large. In January, the self-titled “Fancy Bears’ Hack Team,” believed to be Russian state-sponsored, resurfaced and released several small caches of documents stolen from the World Anti-Doping Association.
Russia was banned from officially participating in the Pyeongchang games due to doping, though Russian athletes have been allowed to compete sans country affiliation.