US security firms identify Olympics cyberattack

Cisco says attack on Opening Ceremony similar to hacks last year linked to Russia

US security firms identify Olympics cyberattack

Several cybersecurity firms in the U.S. announced Monday that the Opening Ceremony of the Pyeongchang Winter Olympic Games was targeted by a computer virus named “Olympic Destroyer”.

Experts did not know what group was behind the cyberattack Friday. Organizers for the games announced last weekend that systems had been attacked, but nothing critical had been taken offline.

The attack was able to knock out some television and internet services during the daytime before the ceremony.

Cisco's Talos Intelligence Group said it identified the malware behind the attack, which was also confirmed by cybersecurity firms CrowdStrike and FireEye.

The outages were caused by a virus pushing a so-called denial-of-service attack on the Pyeongchang systems, where hackers overwhelm a server.

It appears hackers desired to cause chaos to the opening ceremony, not necessarily steal information from servers owned by the Olympics.

“Talos have identified the [malware] samples, with moderate confidence, used in this attack. The infection vector is currently unknown as we continue to investigate,” Cisco’s Warren Mercer and Paul Rascagneres wrote in a blog post.

“The samples identified, however, are not from adversaries looking for information from the games, but instead they are aimed to disrupt the games. The samples analyzed appear to perform only destructive functionality. There does not appear to be any exfiltration of data.”

Though researchers did not name a likely culprit of the attack, they said Olympic Destroyer was similar to viruses called “BadRabbit” and “Nyetya”.

Both those pieces of malware were linked to Russian hackers and were used last year to attack computer systems owned by the Ukrainian government as well as the Central Intelligence Agency.

There have been several Russian cyberattacks on the International Olympic Committee in the past few weeks, mostly with the aim of leaking embarrassing documents. The hacks appear to be retaliation for the IOC banning Russia from competing in the 2018 games due to a state-sponsored doping scandal.