Hackers who caused a tech meltdown at the PyeongChang Winter Olympic opening ceremony, leaving many spectators unable to print their tickets, have been subjected to an in-depth probe by cyber security ‘experts’.
The unknown group used a unique piece of malware – now aptly named the ‘Olympic Destroyer’ – to target the official Olympic website, the stadium’s WiFi and broadcasters of the event. While the organizing committee quickly recovered their equilibrium and claimed there would be no repercussions for the culprits, ‘experts’ in the field have made it their mission to identify the group (or country) behind the sophisticated attack.
The Olympic Destroyer behaves as a network worm, working its way through internal servers via Windows network shares to shut down infected systems. Pyeongchang2018.com, network servers of the ski resorts and servers of Atos, the event’s IT service provider, were all targeted in the attack.
Of course the usual suspects were the first in the firing line. North Korea, Russia and China were all placed under the spotlight by various investigators looking into the hack. Kaspersky pointed out that their team suspected “North Korean cyber criminals” or “more specifically, the Lazarus Group.”
After studying a sample of the malware, Kaspersky researchers found digital fingerprints that “point directly to Lazarus as the author.” A deeper investigation, however, showed the resemblance may have been the result of a deliberate copycat operation.
Furthermore, the malware’s “fingerprints” also allegedly pointed to the work of Russian hacker group Sofacy (aka Fancy Bear and APT28), meaning neither group can be confirmed or ruled out. The investigation leaves open the possibility that cyber criminals could have implanted the digital remnants of both groups as a cunning decoy. Or perhaps a collaboration of all of the above is to blame?
Overall, the investigations appeared to turn up more questions than answers, but we want to know: What do you think?