2018 Winter Olympics: Pyeongchang Opening Ceremony
The Pyeongchang Winter Olympics taking place in South Korea was disrupted over the weekend following a malware attack before and during the opening ceremony on Friday.
The cyber attack coincided with 12 hours of downtime on the official website for the Winter Games, the collapse of Wi-Fi in the Pyeongchang Olympic stadium and the failure of televisions and internet at the main press center, leaving attendees unable to print their tickets for events or get venue information.
The Pyeongchang Winter Olympics organizing committee stated Sunday that a cyber attack hit its network helping run the event during the opening ceremony, which was fully restored at 8 am local time on Saturday, a full 12 hours after the attack began.
Multiple cybersecurity firms published reports on Monday, suggesting that the cause of the disruption was "destructive" wiper malware that had been spread throughout the Winter Games' official network using stolen credentials.
Dubbed "Olympic Destroyer" by the researchers at Cisco Talos, the wiper malware mainly focuses on taking down networks and systems and wiping data, rather than stealing information.
The Talos researchers would not comment on attribution, but various security experts have already started attributing the Olympic Destroyer malware to hackers connected to either North Korea, China or Russia.
According to the analysis by Cisco Talos, the attacker had intimate knowledge of the Pyeongchang 2018 network's systems and knew a "lot of technical details of the Olympic Game infrastructure such as username, domain name, server name, and obviously password."
"The other factor to consider here is that by using the hard-coded credentials within this malware it's also possible the Olympic infrastructure was already compromised previously to allow the exfiltration of these credentials," researchers said.
The Olympic Destroyer malware drops two credential stealers, a browser credential stealer and a system stealer, to obtain the required credentials, and then spreads to other systems as well using PsExec and Windows Management Instrumentation (WMI), two legitimate Windows administration tools used by network admins to access and carry out actions on other PCs on a network.
The researchers noted that both built-in tools were also abused by the Bad Rabbit ransomware and NotPetya wiper malware last year.
Once installed, the malware first deletes all possible "shadow" copies of files and Windows backup catalogs, turns off recovery mode and then deletes system logs to cover its tracks and make file recovery difficult.
"Wiping all available methods of recovery shows this attacker had no intention of leaving the machine useable. The sole purpose of this malware is to perform destruction of the host and leave the computer system offline," reads the Talos blog post.
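The recovery-wiping sequence described above (shadow copies, backup catalog, recovery mode, system logs) can be caught by correlating process-creation events per host. The sketch below is an added example, not code from the article or from Talos. The command-line patterns for the built-in Windows utilities, the host names and the sample events are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Command-line patterns for built-in Windows tools (assumed, not from the article).
STAGES = {
    "shadow_copy_delete": re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I),
    "backup_catalog_delete": re.compile(r"\bwbadmin(\.exe)?\b.*\bdelete\s+catalog\b", re.I),
    "recovery_disabled": re.compile(r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b", re.I),
    "event_log_clear": re.compile(r"\bwevtutil(\.exe)?\b.*\s(cl|clear-log)\s", re.I),
}

def classify(cmdline):
    """Return the stage name a command line matches, or None."""
    for stage, rx in STAGES.items():
        if rx.search(cmdline):
            return stage
    return None

def find_wiper_chains(events, window=timedelta(minutes=5), min_stages=3):
    """events: iterable of (iso_timestamp, host, command_line). Returns {host: stages}
    for hosts where at least min_stages distinct stages fall inside one window."""
    per_host = defaultdict(list)
    for ts, host, cmd in events:
        stage = classify(cmd)
        if stage:
            per_host[host].append((datetime.fromisoformat(ts), stage))
    alerts = {}
    for host, hits in per_host.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            seen = {s for t, s in hits[i:] if t - start <= window}
            if len(seen) >= min_stages:
                alerts[host] = sorted(seen)
                break
    return alerts

# Constructed sample process-creation events (not real telemetry).
SAMPLE = [
    ("2018-02-09T20:01:10", "WS-01", "cmd.exe /c vssadmin.exe delete shadows /all /quiet"),
    ("2018-02-09T20:01:12", "WS-01", "cmd.exe /c wbadmin.exe delete catalog -quiet"),
    ("2018-02-09T20:01:15", "WS-01", "cmd.exe /c bcdedit.exe /set {default} recoveryenabled no"),
    ("2018-02-09T20:01:20", "WS-01", "cmd.exe /c wevtutil.exe cl System"),
    ("2018-02-09T09:00:00", "ADMIN-02", "vssadmin delete shadows /for=D: /oldest"),
    ("2018-02-09T15:30:00", "ADMIN-02", "wevtutil cl Application"),
]

if __name__ == "__main__":
    print(find_wiper_chains(SAMPLE))
```

Requiring several distinct stages in a short window keeps routine admin activity (the constructed ADMIN-02 events) from alerting while the full chain on WS-01 does.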
It's difficult to accurately attribute this cyber attack to a specific group or nation-state hackers due to sparse technical evidence to support such a conclusion, as well as hackers often employing techniques to obfuscate their operations.