Olympic Destroyer Takes Aim At Winter Olympics
Target: Winter Olympics
Attack Vector: Unknown
Summary: A malware attack, dubbed Olympic Destroyer, has targeted the Winter Olympics in Pyeongchang, South Korea. It is believed to be capable of wiping files on shared network drives and contains a credential-stealing component. The malware was deployed during the opening ceremony on 9th February, disrupting TV broadcasts and the official Winter Olympics website. Officials at the games confirmed technical issues affecting non-critical systems, and recovery was completed within around 12 hours.
Risk assessment summary: The threat is assessed as 3c MODERATE and the likelihood has been rated as POSSIBLE. The malware's delivery mechanism is currently unknown, so a full technical description of the malware is not possible. The attack appears to have been targeted, and it is believed to have been carried out by Russian hackers in response to the banning of athletes from competing under the Russian flag. If successful, the malware seeks to destroy its target and can take down whole systems in addition to carrying out credential theft. There is potentially a high brand and risk impact on affected businesses. A higher risk is to be expected for businesses that work with the Winter Olympics in either an enabling or supporting role.