Security experts: Russia is behind Pyeongchang Winter Olympics attack

After a high profile malware attack at the opening of the 2018 Pyeongchang Winter Olympics, security researchers began to trace backstage behind the scenes. Although the initial speculation points to Russia or North Korea, experts have been unable to come to a conclusion. Since malware makers do not leave their business cards in the code, it is often quite difficult to infer the originator of the attack. But as the Winter Olympics continue, investigators seem to be getting closer to the truth.

It is now known that this attack, known as the “Olympic saboteur,” lasted an hour on Friday. And its main target is those with @ pyeongchang2018.com e-mail account users.

This led to the Pincus Winter Olympics 2018 official website closed, and temporarily interrupted a number of the live streaming video. It is reported that malware will shut down the infected machine’s service, destroy the boot information, resulting in the machine cannot be used.

A surprising finding was that although it did not cause the greatest loss, it did show some limitations. Because it does not delete all the system files, but directly to the boot area to start. Luckily, a trained technician can recover the data relatively quickly.

From the broadcast and positioning means, Olympic Destroyer’s technology is similar to NotPetya and BadRabbit. The CIA and other security agencies have placed the source of such malware on Russia.

Since Russia was stopped outside the Olympic Winter Games because of the doping scandal (allowing only innocent athletes to compete in their personal names), it is naturally labeled a “number one suspect” hat.

However, Russia refuted: “We know that Western media are planning pseudo-investigations on the theme of ‘Russian fingerprints’ in hacking attacks on information resources related to the hosting of the Winter Olympic Games in the Republic of Korea.”

Source: TechSpot