There have been multiple attacks on I.T. infrastructure at the PyeongChang 2018 Olympic Winter Games. Although it is too early to determine who is responsible for the attacks and whether they are related, there are a few interesting things to note.
- One attack, named 'Olympic Destroyer', aimed only to disrupt the hardware powering the Olympics and render the computers unusable by deleting shadow copies and other tools for recovering an infected machine.
- Attacks seemed to indicate the attackers were familiar with the infrastructure
- Rather than using hacking techniques to move around the network, the attacker was able to use valid credentials gathered from recon to remain undetected by malware & security scans
- Another multi-stage attack, named Gold Dragon, was found to have a Korean-language implant detected in December 2017
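
For defenders, the shadow-copy deletion noted above is visible in process-creation logs. The following is an added example, not code from the article or from any vendor report: it flags hosts where several recovery-inhibiting commands run close together. The command patterns, field names and sample events are assumptions and are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Generic, widely documented Windows recovery-inhibition patterns.
# Assumption: the article does not list the exact commands the malware ran.
RULES = [
    ("shadow_copy_delete", re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I)),
    ("shadow_copy_delete", re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I)),
    ("backup_catalog_delete", re.compile(r"\bwbadmin(\.exe)?\b.*\bdelete\s+catalog\b", re.I)),
    ("recovery_disabled", re.compile(r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b", re.I)),
]

SAMPLE_EVENTS = [  # constructed process-creation records, not real telemetry
    {"ts": "2024-01-01T20:01:10", "host": "WS-01",
     "cmd": r'"C:\Windows\System32\vssadmin.exe" delete shadows /all /quiet'},
    {"ts": "2024-01-01T20:01:12", "host": "WS-01", "cmd": "wbadmin.exe delete catalog -quiet"},
    {"ts": "2024-01-01T20:01:15", "host": "WS-01",
     "cmd": "bcdedit.exe /set {default} recoveryenabled no"},
    {"ts": "2024-01-01T09:30:00", "host": "SRV-02", "cmd": "vssadmin list shadows"},
    {"ts": "2024-01-01T11:00:00", "host": "SRV-03", "cmd": "vssadmin delete shadows /for=D: /oldest"},
]

def classify(cmdline):
    """Return the set of rule categories a command line matches."""
    return {name for name, rx in RULES if rx.search(cmdline)}

def detect(events, window=timedelta(minutes=5)):
    """Alert per host; 'high' when two or more distinct categories fall
    inside one time window (chained recovery inhibition), else 'medium'."""
    hits = defaultdict(list)
    for ev in events:
        for cat in classify(ev["cmd"]):
            hits[ev["host"]].append((datetime.fromisoformat(ev["ts"]), cat))
    alerts = {}
    for host, rows in hits.items():
        rows.sort()
        best = set()
        for i, (start, _) in enumerate(rows):
            cats = {c for t, c in rows[i:] if t - start <= window}
            if len(cats) > len(best):
                best = cats
        alerts[host] = {"categories": sorted(best),
                        "severity": "high" if len(best) >= 2 else "medium"}
    return alerts

if __name__ == "__main__":
    for host, alert in detect(SAMPLE_EVENTS).items():
        print(host, alert)
```

A single shadow-copy deletion can be routine maintenance, which is why only the chained case is raised to high severity.
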
I first read about this on Dark Reading, in an article by Kelly Sheridan (@kellymsheridan). Check it out here: Cyberattack Aimed to Disrupt Opening of Winter Olympics