Pyeongchang 2018 Winter Olympics Opening Ceremony Disrupted by Malware Attack

The Pyeongchang Winter Olympics taking place in the Republic of Korea was disrupted over the weekend following a malware attack before and during the opening ceremony on Friday.

The cyber attack coincided with 12 hours of downtime on the official website for the Winter Games, the collapse of Wi-Fi in the Pyeongchang Olympic stadium and the failure of televisions and internet at the main press center, leaving attendees unable to print their tickets for events or get venue information.

The Pyeongchang Winter Olympics organizing committee confirmed Sunday that a cyber attack hit its network helping run the event during the opening ceremony, which was fully restored at 8 am local time on Saturday, a full 12 hours after the attack began.

Multiple cybersecurity firms published reports on Monday, suggesting that the cause of the disruption was "destructive" wiper malware that had been spread throughout the Winter Games' official network using stolen credentials.

Dubbed "Olympic Destroyer" by the researchers at Cisco Talos, the wiper malware focuses mainly on taking down networks and systems and wiping data, rather than stealing information.

The Talos researchers would not comment on attribution, but various security experts have already started attributing the Olympic Destroyer malware to hackers linked to either North Korea, China or Russia.

According to the analysis by Cisco Talos, the attacker had intimate knowledge of the Pyeongchang 2018 network's systems and knew a "lot of technical details of the Olympic Game infrastructure such as username, domain name, server name, and obviously password."

"The other factor to consider here is that by using the hard-coded credentials within this malware it's also possible the Olympic infrastructure was already compromised previously to allow the exfiltration of these credentials," researchers said.

The Olympic Destroyer malware drops two credential stealers, a browser credential stealer and a system stealer, to obtain the required credentials, and then spreads to other systems as well using PsExec and Windows Management Instrumentation (WMI), two legitimate Windows administration tools used by network admins to access and carry out actions on other PCs on a network.

The researchers noted that both built-in tools were also abused by the Bad Rabbit ransomware and NotPetya wiper malware last year.

Once installed, the malware first deletes all possible "shadow" copies of files and Windows backup catalogs, turns off recovery mode, and then deletes system logs to cover its tracks and make file recovery difficult.

"Wiping all available methods of recovery shows this attacker had no intention of leaving the machine useable. The sole purpose of this malware is to perform destruction of the host and leave the computer system offline," reads the Talos blog post.
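For defenders, the sequence described above (shadow copies, backup catalog, recovery mode, event logs) is a strong signal when the steps occur together on one host. The following is an added detection sketch, not code from the article or from Talos; it assumes each step surfaces in process-creation telemetry as a call to the standard Windows utilities vssadmin, wbadmin, bcdedit and wevtutil, and the host names, timestamps and command lines are constructed sample data.

```python
import re
from collections import defaultdict

# Article behaviour -> command-line pattern. The patterns are this example's
# assumption about how each step shows up in process-creation telemetry.
RULES = {
    "shadow_copy_delete": re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I),
    "backup_catalog_delete": re.compile(r"\bwbadmin(\.exe)?\b.*\bdelete\s+catalog\b", re.I),
    "recovery_disabled": re.compile(r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b", re.I),
    "event_log_cleared": re.compile(r"\bwevtutil(\.exe)?\b.*\s(cl|clear-log)\s+\S", re.I),
}

def classify(cmdline):
    """Return the names of every recovery-inhibiting behaviour a command line matches."""
    return [name for name, rx in RULES.items() if rx.search(cmdline)]

def flag_hosts(events, window=300, min_behaviours=3):
    """Flag hosts showing >= min_behaviours distinct behaviours within `window` seconds."""
    hits = defaultdict(list)
    for ev in events:
        for name in classify(ev["cmd"]):
            hits[ev["host"]].append((ev["ts"], name))
    flagged = {}
    for host, seen in hits.items():
        seen.sort()
        for i, (start, _) in enumerate(seen):
            names = {n for t, n in seen[i:] if t - start <= window}
            if len(names) >= min_behaviours:
                flagged[host] = sorted(names)
                break
    return flagged

# Constructed sample events (hosts, timestamps and command lines are made up).
SAMPLE_EVENTS = [
    {"ts": 100, "host": "WS-01", "cmd": r'"C:\Windows\System32\vssadmin.exe" delete shadows /all /quiet'},
    {"ts": 103, "host": "WS-01", "cmd": "wbadmin.exe delete catalog -quiet"},
    {"ts": 105, "host": "WS-01", "cmd": "bcdedit.exe /set {default} recoveryenabled no"},
    {"ts": 109, "host": "WS-01", "cmd": "wevtutil.exe cl System"},
    {"ts": 200, "host": "ADMIN-02", "cmd": "vssadmin list shadows"},
    {"ts": 210, "host": "ADMIN-02", "cmd": "wevtutil qe System /c:5"},
    {"ts": 0, "host": "BK-03", "cmd": "wbadmin delete catalog -quiet"},
    {"ts": 4000, "host": "BK-03", "cmd": "wevtutil cl Application"},
]

if __name__ == "__main__":
    for host, names in flag_hosts(SAMPLE_EVENTS).items():
        print(host, names)
```

Requiring several distinct behaviours inside a short window keeps routine single actions, such as an administrator pruning a backup catalog, from raising the alert on their own.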

It's difficult to accurately attribute this cyber attack to a specific group or nation-state hackers due to the lack of technical evidence to support such a conclusion, as well as hackers often employing techniques to obfuscate their operations.