Hackers targeting the 2018 Winter Olympic Games managed to disrupt internet and TV operations during Friday’s opening ceremony using malware dubbed “Olympic Destroyer,” security researchers said.
The perpetrators of the cyberattack on computer, internet and broadcast systems in Pyeongchang, South Korea, have not been identified. The signatures of the attack indicated a link to Russian hacking group, Wired and other outlets reported.
The “Olympic Destroyer” virus resulted in interruptions to Wi-Fi access and telecasts and temporarily took down Pyeongchang2018.com on Friday, which prevented many attendees on-site from accessing and printing out tickets to the ceremony. No critical Olympics systems or data were compromised by the attack, which appeared intended mainly to cause chaos and confusion.
“Disruption is the clear objective in this type of attack and it leaves us confident in thinking that the actors behind this were after embarrassment of the Olympic committee during the opening ceremony,” researchers with Cisco Systems’ Talos Security Intelligence and Research Group wrote in a blog post Monday.
The Talos researchers found that the malware payload included 44 usernames and passwords for Olympic staff members, although they said it wasn’t clear how the initial infection occurred.
The Talos researchers provided a detailed technical analysis of the malware in the blog post, noting that it was created to render target computers unusable by deleting shadow copies, event logs and trying to use remote-control applications PsExec and Windows Management Instrumentation “to further move through the environment.”
According to cybersecurity firm CrowdStrike, analysis of the malware indicated the planning for the attack began at least starting in December, given the Dec. 27 timestamp on the virus created to hit the Pyeongchang Olympics.
Last month, CrowdStrike reported that it had identified a sophisticated “spear-phishing” effort targeting specific individuals involved in or supporting the Olympic Winter Games.