Kaspersky Lab researchers tracking the Olympic Destroyer threat that famously struck the opening of the Winter Olympic Games in Pyeongchang with a destructive network worm have discovered that the hacking group behind it is still active. It appears to be targeting Germany, France, Switzerland, the Netherlands, Ukraine and Russia, with a focus on organizations involved in protection against chemical and biological threats.

 

Olympic Destroyer is an advanced threat that hit organizers, suppliers and partners of the Winter Olympic Games 2018 in Pyeongchang, South Korea with a cybersabotage operation based on a destructive network worm. Many indicators pointed in different directions for the origins of the attack, causing some confusion in the info-security industry in February 2018.

 

A few rare and sophisticated signs discovered by Kaspersky Lab suggested that Lazarus group, a North Korea-linked threat actor, was behind the operation. However, in March, the company confirmed that the campaign featured an elaborate and convincing false flag operation, and Lazarus was unlikely to be the source. Researchers have now found the Olympic Destroyer operation is back in action, using some of its original infiltration and reconnaissance toolset, and focusing on targets in Europe.

 

The threat actor is spreading its malware through spear-phishing documents that closely resemble the weaponized documents used in preparation for the Winter Olympics operation. One such decoy document referred to the ‘Spiez Convergence’, a bio-chemical threats conference held in Switzerland and organized by the Spiez Laboratory, an organization that played a key role in the Salisbury attack investigation. Another document was targeting an entity of the health and veterinary control authority of Ukraine. Some of the spear-phishing documents uncovered by researchers carry words in Russian and German.

 

All final payloads extracted from the malicious documents were designed to provide generic access to the compromised computers. A free, open-source framework widely known as PowerShell Empire was used for the second stage of the attack.

 

The attackers appear to use compromised legitimate webservers to host and control the malware. These servers use a popular open-source content management system (CMS) called Joomla. The researchers found that one of the servers hosting the malicious payload used a version of Joomla (v1.7.3) released in November 2011, which suggests that a very outdated variant of the CMS could have been used by the attackers to hack the servers.

 

Based on Kaspersky Lab telemetry and files uploaded to multi-scanner services, the interests of this Olympic Destroyer campaign appear to have been entities in Germany, France, Switzerland, the Netherlands, Ukraine and Russia.

 

“The appearance, at the start of this year, of Olympic Destroyer with its sophisticated deception efforts, changed the attribution game forever and showed how easy it is to make a mistake with only fragments of the picture that are visible to researchers. The analysis and deterrence of these threats should be based on cooperation between the private sector and governments across national borders. We hope that by sharing our findings publicly, incident responders and security researchers will be better placed to recognize and mitigate such an attack at any stage in the future,” said Vitaly Kamluk, security researcher in Kaspersky Lab’s GReAT team.

 

In the previous attack, during the Winter Olympic Games, the beginning of the reconnaissance stage was a couple of months before the epidemic of the self-modifying destructive network worm. It is highly possible that Olympic Destroyer is preparing a similar attack with new motives. That is why we advise biological and chemical threat research entities to stay on high alert and launch an out-of-schedule security audit where possible.

 

Kaspersky Lab products successfully detect and block Olympic Destroyer-related malware.

For further information on the return of Olympic Destroyer, including Indicators of Compromise, read the blog on Securelist.

