PyeongChang 2018 Opening Ceremony disrupted

The PyeongChang Olympics have been targeted by Russian hackers, in what is thought to be an act of retaliation for the large doping ban imposed on the country. On the 9th of February, an attack occurred which resulted in 12 hours of downtime for ticket printing, the official webpage and many other services. Researchers at Cisco’s Talos division have released an analysis claiming the malware responsible was a type of fast-spreading worm, dubbed “Olympic Destroyer”, causing a Denial of Service attack.

 

The “Olympic Destroyer”

The organizing committee of the Winter Olympics confirmed on Sunday that an attack had occurred on their systems. The IOC will not reveal the source of the attack, although suspicions from security experts point towards either Russian or Chinese actors. Due to the newly imposed doping ban on the former country, it could be an act of retaliation.

The attack, which occurred on the 9th of February, was the result of a destructive form of wiper malware dubbed “Olympic Destroyer” by Cisco’s Talos division. Spreading quickly throughout the system, it focused on destroying data rather than stealing it. Even back-up files were erased, meaning the attackers wanted the devices to be unusable after infection.

Furthermore, the attack led to issues with ticket printing services, Wi-Fi and televisions within the arena. A drone show to be performed by Intel was also cancelled. A video of the rehearsal was broadcast as a substitute.

In order to bypass the security checks within the Olympic network infrastructure, the malware used hard-coded credentials. According to the Cisco analysts, these included “username, domain name, server name, and obviously password.” This points towards intimate knowledge of the systems. Previous infiltration can therefore not be ruled out.

However, the IOC now claims to have a hold on the situation. IOC spokesperson Sung Baik-you stated on Sunday that “all issues were resolved and recovered yesterday morning”. The outage of services lasted a full 12 hours.