Click For Photo: https://media.wired.com/photos/5a81c1fe7b7bd44d86b87f77/191:100/pass/OpeningCeremonyHacked-916139258.jpg
Russian hackers, with hardly a shred of deniability, have targeted the Pyeongchang Olympics for months in retaliation for the country's doping ban, stealing and leaking documents from Olympics-related organizations. Now a more insidious attack has surfaced, one designed not to merely embarrass, but disrupt the opening ceremonies themselves. And while neither Olympics organizers nor security firms are ready to point the finger at the Kremlin, the hackers seem to have at least left behind some calling cards that look rather Russian.
Now security researchers at Cisco's Talos division have released an analysis of a piece of sophisticated, fast-spreading malware they're calling Olympic Destroyer, which they believe was likely the cause of that outage.
Worm - Olympic - Infrastructure - Attack - Talos
"It was effectively a worm within the Olympic infrastructure that caused a denial-of-service attack," says Talos researcher Warren Mercer.
According to a detailed blog post the Talos researchers published Monday morning, Olympic Destroyer is designed to automatically jump from machine to machine within a target network and destroy certain data on the machine, including part of its boot record, rebooting machines and then preventing them from loading. "It turns off all the services, the boot information is nuked, and the machine is disabled," says Talos research director Craig Williams.
'It - Message - System
'It’s almost like they're sending a message. They could wipe the system, but they chose not.'
Talos points out that Olympic Destroyer's disruptive tactics and spreading methods resemble NotPetya and BadRabbit, two pieces of Ukraine-targeting malware seen in the last year that the Ukrainian government, the CIA, and other security firms have all tied to Russian hackers.
Attacks - Sample - Data - Victim - Machines
But strangely, unlike those earlier malware attacks, this latest sample destroys only backup data on victim machines, while leaving the rest of the PC's hard drive intact. And in fact, the Olympic organizers were able to get their systems working again within 24 hours, while NotPetya victims...
(Excerpt) Read more at: WIRED
Wake Up To Breaking News!
You can never use the word unexpected when it comes to abuse of power by the government.