2018 Winter Olympics “Olympic Destroyer” Malware

Picture of the Olympic Rings on the Montreal International Olympic Committee (IOC) building (Canada), built for the 1976 Summer Olympic Games

During the Winter Olympics opening ceremony last week, there was a strange failing of WiFI and television systems for on-site journalists that were covering the event. On Sunday, officials from the Olympics reported that the failures weren’t simply an accident – they were the result of a targeted cyberattack against the international events.

Unfortunately, this isn’t the only cyberattack that the 2018 Winter Olympics have been targeted with. The attacks came after the banning of certain Russian athletes from the games. A Russian hacking group, Fancy Bears, claimed responsibility for the various attacks on the U.S. and International Olympic Committees in result of the ban.

After the attack, Cisco Talos looked into the Olympic Destroyer malware and determined that the malware was capable of interfering with a Windows computer’s data recovery processes. Also, it had the capabilities of deleting critical services.

The researchers stated, “The samples identified, however, are not from adversaries looking for information from the games, but instead they are aimed to disrupt the games. The samples analyzed appear to perform only destructive functionality.”

Another major issue was the fact that the files on network shares were also gone. Additionally, the malware uses a self-patching feature that allows it change after moving from one host system to the next. Lastly, it was discovered that it was using the EternalRomance exploit, which is an NSA exploit leaked by Shadow Brokers in 2017 – also used to spread NotPetya ransomware last year (alongside EternalBlue).

As of now, that’s the latest information we’ve seen. We’ll update this if there is more information.



Leave a Reply