IT Provider for 2018 Winter Olympics, hacked month before Opening Ceremony
- Anas Feroz
- February 23rd, 2018
According to cyber security experts, major events like Winter Olympics are an easy target for hackers. According to news, the deployers of Olympic Destroyer Malware, have previously penetrated through the systems of Atos previously in December.
Atos told the news site that they are investigating this breach with the help of McAfee’s Advanced Threat Research Team.
Olympic organizers shut down the servers instantly to prevent any further damage once the Winter Olympics hacked was discovered. The website came back online after 2 days of attack early in the morning, though the origin of the attack remained uncertain.
“The new document contained the same metadata properties as those related to Operation GoldDragon, and sought to gain persistence on systems owned by organizations involved with the Winter Games,” Sherstobitoff said in a statement.
“It is clear attacks are ongoing and are likely to continue throughout the duration of the games. What is yet to be determined is if actors are working simply to gain disruption, or if their motives are greater.”
“This particular malware has not been seen before, and it is something custom that was created by the attacker,” Sherstobitoff told ZDNet at the time.
The attacks that occurred previously were initiated by sending emails asking about the personal details of the recipient. McAfee Labs thinks that these emails were sent from an IP address in Singapore.
Though it was not clear whether the hackers intruded in the servers of Atos to affect the Winter Olympics.
The Atos-related information on VirusTotal was attached to multiple Olympic Destroyer malware samples. The connection suggests the hackers had penetrated the IT provider in recent months.
The stolen data included some of the Atos employee’s username and password, which was only viewable if the malware samples were broken and strings were further analyzed.
McAfee analysts will keep monitoring the games as said by Sherstobitoff.
According to experts Winter Olympics Destroyer is engineered in a way by which it act likes a worm, which scans user’s credentials carrying them for login attempts from different locations, which makes this destroyer unique in its own way.