Hackers successfully targeted the Winter Olympics in South Korea Friday during the games’ opening ceremony.
As reported by The Guardian Sunday, event organizers confirmed that numerous systems had been disrupted during the incident.
“There was a cyber-attack and the server was updated yesterday during the day and we have the cause of the problem,” Pyeongchang 2018 spokesperson Sung Baik-you stated.
The hack is said to have affected the official Pyeongchang 2018 website, the WiFi in Pyeonchang Olympic stadium as well as the televisions and internet in the main press center.
“We are taking secure operations and, in line with best practice, we’re not going to comment on the issue because it is an issue that we are dealing with,” Baik-you added.
Researchers at cyber threat intelligence team Talos detailed Monday what they believe, with moderate confidence, are samples of the malware used in the attack.
According to Talos, the malware, dubbed Olympic Destroyer, is “not from adversaries looking for information” but from attackers merely looking to “disrupt the games.”
“The samples analysed appear to perform only destructive functionality,” the company wrote in a blog post. “There does not appear to be any exfiltration of data.”
The malware works by dropping files onto a target machine capable of stealing both system passwords and passwords stored in Internet Explorer, Firefox and Chrome. After using the stolen passwords to move through the network, Olympic Destroyer then wipes the target computer in order to remove evidence of the attack.
While Talos is not certain of how the malware found its way onto the network, Olympic Destroyer is said to have contained hard-coded Olympics login credentials, suggesting the infrastructure had previously been compromised.
“The malware delivery mechanism is currently unknown which means the infection vector could be a multitude of options, but, if the attacker already had access to the environment, this attack could have been carried out remotely,” Talos writes. “This would allow the actors to specifically pinpoint the moment of the opening ceremony and would allow them to control their time of impact.”
Although neither Talos or Olympics officials have pointed the finger at a potential suspect thus far, some cybersecurity experts have accused Russia given possible motive and the attack’s methods. Russia was banned from the Winter Olympics last December after the International Olympic Committee charged the country with running an extensive state-backed doping program.
Cybersecurity firm Intezer stated though that the malware’s code has been linked to state-backed hackers from China.
Code connections between the #malware targeting the #Olympics from both the McAfee and Talos reports to known Chinese threat actors. We will publish more details soon. https://t.co/jfBaVgXaG6 pic.twitter.com/2VWz5PkyOX
— Intezer (@IntezerLabs) February 12, 2018