The 2018 “Olympic Destroyer” Cyber Attack


In February 2018, as the world turned its attention to the Winter Olympics in PyeongChang, South Korea, a covert and malicious cyber attack unfolded behind the scenes. Dubbed “Olympic Destroyer,” this sophisticated malware sought to disrupt the international event and tarnish the Olympic spirit.

History

The Olympic Destroyer attack occurred on February 9, 2018, coinciding with the opening ceremony of the PyeongChang Winter Olympics. As athletes prepared to compete and spectators settled in to enjoy the spectacle, a cyber assault aimed at derailing the event was launched. The attack briefly disrupted IT systems supporting the Olympics, including Wi-Fi networks, Olympic websites, and even the official app used by attendees and participants.

Impact

The immediate impact of the Olympic Destroyer attack was the temporary disruption of several critical systems. Key consequences included:

  • Network Downtime: The attack caused the shutdown of internet access, affecting press coverage and delaying event updates.

  • Website Outages: Official Olympic websites went offline, impacting ticketing and information dissemination.

  • Operational Interruptions: Various administrative systems experienced downtime, complicating logistics and event management.

Despite these disruptions, the quick response of cybersecurity teams ensured that the event continued with minimal long-term impact. The swift mitigation efforts underscored the importance of preparedness and robust incident response plans.

Methodology

Olympic Destroyer employed a sophisticated attack strategy:

  • Spear-Phishing: Initial access was likely gained through targeted spear-phishing emails, which tricked recipients into downloading malicious attachments.

  • Credential Theft: The malware included components designed to steal user credentials, facilitating deeper penetration into networks.

  • Network Propagation: Olympic Destroyer utilized legitimate administrative tools and Windows Management Instrumentation (WMI) to move laterally across infected networks.

  • Destructive Payload: The malware was equipped with a destructive payload that deleted shadow copies and manipulated boot configurations, making recovery more difficult. Notably, the attack also employed false-flag techniques, incorporating code and methods used in previous attacks attributed to different nation-state actors, to obfuscate its origin and mislead investigators.
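The recovery-inhibition and lateral-movement behaviour listed above leaves a recognisable trail in process-creation telemetry, which is what a defender would hunt for after reading this article. The following detection sketch is an added example, not code from the article or from any incident-response team that worked the PyeongChang event. It assumes process-creation events have already been normalised into dictionaries with `host`, `parent`, `image` and `cmdline` fields (Sysmon Event ID 1 carries equivalent data); the sample events are constructed for the example and are not real Olympic Destroyer artifacts. The command-line patterns correspond to the generic MITRE ATT&CK "Inhibit System Recovery" (T1490) tradecraft, and processes spawned by the WMI provider host are flagged because that is how remote WMI execution appears on the target.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set

# Constructed sample process-creation records (Sysmon Event ID 1 style).
# These are illustrative only, not captured from a real infection.
SAMPLE_EVENTS = [
    # Benign: an administrator listing shadow copies from an interactive shell.
    {"host": "OLY-WS01", "parent": "C:\\Windows\\explorer.exe",
     "image": "C:\\Windows\\System32\\cmd.exe",
     "cmdline": "cmd.exe /c vssadmin list shadows"},
    # Shadow copies removed from a shell whose parent is the WMI provider host.
    {"host": "OLY-WS01", "parent": "C:\\Windows\\System32\\wbem\\WmiPrvSE.exe",
     "image": "C:\\Windows\\System32\\cmd.exe",
     "cmdline": "cmd.exe /c vssadmin.exe delete shadows /all /quiet"},
    # Boot configuration changed so Windows will not enter recovery.
    {"host": "OLY-WS02", "parent": "C:\\Windows\\System32\\cmd.exe",
     "image": "C:\\Windows\\System32\\bcdedit.exe",
     "cmdline": "bcdedit.exe /set {default} recoveryenabled no"},
    # Backup catalog removed on the same host.
    {"host": "OLY-WS02", "parent": "C:\\Windows\\System32\\cmd.exe",
     "image": "C:\\Windows\\System32\\wbadmin.exe",
     "cmdline": "wbadmin delete catalog -quiet"},
    # Benign service host start.
    {"host": "OLY-SRV01", "parent": "C:\\Windows\\System32\\services.exe",
     "image": "C:\\Windows\\System32\\svchost.exe",
     "cmdline": "svchost.exe -k netsvcs"},
]

# Each rule pairs a technique label with a regex applied to the command line.
# They cover the recovery-inhibition behaviour described in the article and are
# a hunting starting point, not a complete signature for the malware.
COMMANDLINE_RULES = [
    ("shadow-copy deletion",
     re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.IGNORECASE)),
    ("shadow-copy deletion",
     re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.IGNORECASE)),
    ("backup catalog deletion",
     re.compile(r"wbadmin(\.exe)?\s+delete\s+catalog", re.IGNORECASE)),
    ("boot configuration tampering",
     re.compile(r"bcdedit(\.exe)?.*\b(recoveryenabled\s+no|"
                r"bootstatuspolicy\s+ignoreallfailures)\b", re.IGNORECASE)),
]

# A process whose parent is WmiPrvSE.exe was started through WMI; on a
# workstation that is a lateral-movement candidate worth correlating.
WMI_PARENT = re.compile(r"\\wmiprvse\.exe$", re.IGNORECASE)
WMI_LABEL = "WMI-spawned process (possible lateral movement)"


@dataclass(frozen=True)
class Finding:
    host: str
    technique: str
    command_line: str


def analyze(events: Iterable[dict]) -> List[Finding]:
    """Return one Finding per matched rule per event."""
    findings: List[Finding] = []
    for ev in events:
        cmd = ev.get("cmdline", "")
        for label, pattern in COMMANDLINE_RULES:
            if pattern.search(cmd):
                findings.append(Finding(ev["host"], label, cmd))
        if WMI_PARENT.search(ev.get("parent", "")):
            findings.append(Finding(ev["host"], WMI_LABEL, cmd))
    return findings


def techniques_by_host(findings: Iterable[Finding]) -> Dict[str, Set[str]]:
    """Group distinct technique labels per host for triage."""
    grouped: Dict[str, Set[str]] = {}
    for f in findings:
        grouped.setdefault(f.host, set()).add(f.technique)
    return grouped


def escalate(findings: Iterable[Finding]) -> Set[str]:
    """Hosts showing two or more distinct techniques: a single vssadmin call
    can be legitimate maintenance, but combined recovery inhibition or a
    WMI-launched destructive command is the chain described above."""
    return {host for host, techs in techniques_by_host(findings).items()
            if len(techs) >= 2}


if __name__ == "__main__":
    found = analyze(SAMPLE_EVENTS)
    for f in found:
        print(f"{f.host:10} {f.technique:45} {f.command_line}")
    print("escalate:", sorted(escalate(found)))
```

The escalation step is the part worth keeping in a real pipeline: individual `vssadmin` or `bcdedit` invocations do occur during legitimate maintenance, so alerting on the co-occurrence of recovery-inhibition commands, or on one of them arriving via a WMI-spawned shell, keeps the false-positive rate manageable while still catching the destructive sequence this article describes.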

Main Objective

While the overt appearance of Olympic Destroyer suggested a ransomware-style attack, its primary objective was far more insidious: to disrupt the Olympic Games and undermine confidence in international events.

Written By: Prabuddha Pandey
