YOU ARE AT:SoftwareCyber attacks infiltrate the Olympics

Cyber attacks infiltrate the Olympics

As athletes battle it out on the rinks and slopes of the Pyeongchang Olympics, a quieter fight is underway on Olympic networks. The “Olympic Destroyer” attack has reportedly caused disruptions to the event’s Wi-Fi network and took down the official web site just as events were getting underway.

The Guardian first reported technical issues on the Olympic network during the opening ceremonies, which were later confirmed by Olympic officials to have been caused by a cyber attack. Web site users were unable to access information or print tickets for 12 hours and the Wi-Fi in the Olympic stadium wasn’t working; The Guardian also said that televisions and internet service at the main press center were also affected.

Cisco’s Talos Security blog said that according to its analysis, the attack was aimed specifically at disruption rather than information-gathering, adding that “the malware author knew a lot of technical details of the Olympic Game infrastructure such as usernames, domain name, server names and obviously passwords.”

“Disruption is the clear objective in this type of attack and it leaves us confident in thinking that the actors behind this were after embarrassment of the Olympic committee during the opening ceremony,” Talos researchers Warren Mercer and Paul Rascagneres wrote. “Disruption of services included the Olympic website being offline, meaning individuals could not print their tickets. The opening ceremony reporting was degraded due to WiFi failing for reporters on site.”

 

https://twitter.com/TalosSecurity/status/963436172239364097

Meanwhile, McAfee is tracking malware dubbed Gold Dragon targeted at the Olympics which has been circulating for some time, with new aspects appearing just as the event began. McAfee noted that Gold Dragon is a Korean-language implant that it believes is the second-stage payload of an Olympics-related attack that was noticed in early January. That earlier attack, PowerShell, created an encrypted channel to the attacker’s computer but was not a fully functioning backdoor, and “did not contain a mechanism to persist beyond a simple scheduled task”; McAfee said it was a basic information-gathering mechanism to identify targets of interest. Gold Dragon, which appeared the same day that the Olympics began, “has a much more robust persistence mechanism than the initial PowerShell implant and enables the attacker to do much more to the target system.” It is one of four related implants for information gathering, although McAfee said that the Gold Dragon malware “has limited reconnaissance and data-gathering capabilities and is not full-fledged spyware.”

McAfee also noted that an email phishing attack was also launched against many Olympics and Olympics supporting organizations in late December, targeting email addresses with a malicious Microsoft Word document that claimed (in Korean) to be “Organized by Ministry of Agriculture and Forestry and Pyeongchang Winter Olympics.” The document laid the groundwork for a hacker to gain remote access to an infected machine in order to install more spyware. Trend Micro has also been tracking targeting of international athletic organizations since the second half of 2017.

Image copyright: andreykuzmin / 123RF Stock Photo

ABOUT AUTHOR

Kelly Hill
Kelly Hill
Kelly reports on network test and measurement, as well as the use of big data and analytics. She first covered the wireless industry for RCR Wireless News in 2005, focusing on carriers and mobile virtual network operators, then took a few years’ hiatus and returned to RCR Wireless News to write about heterogeneous networks and network infrastructure. Kelly is an Ohio native with a masters degree in journalism from the University of California, Berkeley, where she focused on science writing and multimedia. She has written for the San Francisco Chronicle, The Oregonian and The Canton Repository. Follow her on Twitter: @khillrcr