Posted on February 27, 2018 at 11:30 AM
It was a cold cyberwar at the Winter Olympics for many attendees of the games this year in Pyeongchang. Several were unable to access and print their tickets, as the official website was down for more than twelve hours after a widespread cyber attack surrounding the opening ceremonies on February 9th.
While officials at the Olympics admitted to the media that the event was attacked, they, unlike US intelligence, refused to reveal the identity of the attackers. US intelligence officials, communicating anonymously with representatives from the Washington Post, indicated that the attack was carried out by a military group of Russian spies. The attack wreaked havoc on the wireless network on site as well as on the press centre’s internet protocol TVs. Hundreds of computers used by Olympics authorities were breached, routers were hacked and a new malware infection spread.
The plot thickened as US officials said Russian attackers tried to shift the blame to North Korean hackers through the use of North Korean IP addresses and other internet camouflage tactics. They believe that Russia’s military intelligence agency, the GRU, was responsible for the breach of approximately 300 computers in early February. More specifically, experts believe that the hackers are in the employ of the Main Center for Special Technology of the GRU. This is the same group of cyber attackers linked to the NotPetya attack that decimated Ukrainian computers last year.
Though some experts are strongly inferring the connection, it is still not clear whether the attack by this Russian group in early February caused the fiasco at the opening ceremony. For several months prior to the Winter Olympic Games, security workers noticed growing numbers of phishing campaigns targeting multiple Olympics organizations. These phishing attacks were conducted by the group Fancy Bear or APT28, which has also been linked to the GRU. Nonetheless, before the start of the games, Russia denied any involvement in cyber-attacks that might take place during the Olympics. Furthermore, the Russian foreign ministry claimed to know of future media campaigns intended to defame the Russian national character through investigations into “Russian fingerprints” in hacking attempts during the Olympic Games. “Of course,” they said, “no evidence will be presented.”
The destructive malware, now known as “The Olympic Destroyer”, was identified by cybersecurity experts at CrowdStrike, FireEye and others. Experts believe that the attack was a result of the ban on Russia from this season’s Winter Olympics. Cyber-experts claim the attack was likely intended more for embarrassment than permanent destruction. US officials, standing by in case Korean officials requested support, expressed concern that something like this might happen again during the closing ceremony. Nevertheless, the games closed without a hitch, impressive pyrotechnics included.