Kaspersky Lab researchers tracking the Olympic Destroyer threat that famously struck the opening of the Winter Olympic Games in Pyeongchang with a destructive network worm have discovered that the hacking group behind it is still active. It appears to be targeting Germany, France, Switzerland, the Netherlands, Ukraine and Russia, with a focus on organizations involved in protection against chemical and biological threats.

 

Olympic Destroyer is an advanced threat that hit organizers, suppliers and partners of the Winter Olympic Games 2018 in Pyeongchang, South Korea with a cybersabotage operation based on a destructive network worm. Many indicators pointed in different directions for the origins of the attack, causing some confusion in the info-security industry in February 2018.

 

A few rare and sophisticated signs discovered by Kaspersky Lab suggested that Lazarus group, a North Korea-linked threat actor, was behind the operation. However, in March, the company confirmed that the campaign featured an elaborate and convincing false flag operation, and Lazarus was unlikely to be the source. Researchers have now found the Olympic Destroyer operation is back in action, using some of its original infiltration and reconnaissance toolset, and focusing on targets in Europe.

 

The threat actor is spreading its malware through spear-phishing documents that closely resemble the weaponized documents used in preparation for the Winter Olympics operation. One such decoy document referred to the ‘Spiez Convergence’, a bio-chemical threats conference held in Switzerland and organized by the Spiez Laboratory, an organization that played a key role in the Salisbury attack investigation. Another document was targeting an entity of the health and veterinary control authority of Ukraine. Some of the spear-phishing documents uncovered by researchers carry words in Russian and German.

 

All final payloads extracted from the malicious documents were designed to provide generic access to the compromised computers. An open-source and free framework, widely known as PowerShell Empire, was used for the second stage of the attack.

 

The attackers appear to use compromised legitimate webservers to host and control the malware. These servers use a popular open-source content management system (CMS) called Joomla. The researchers found that one of the servers hosting the malicious payload used a version of Joomla (v1.7.3) released in November 2011, which suggests that a very outdated variant of the CMS could have been used by the attackers to hack the servers.

 

Based on Kaspersky Lab telemetry and files uploaded to multi-scanner services, the interests of this Olympic Destroyer campaign appear to have been entities in Germany, France, Switzerland, the Netherlands, Ukraine and Russia.

 

“The appearance, at the start of this year, of Olympic Destroyer with its sophisticated deception efforts, changed the attribution game forever and showed how easy it is to make a mistake with only fragments of the picture that are visible to researchers. The analysis and deterrence of these threats should be based on cooperation between the private sector and governments across national borders. We hope that by sharing our findings publicly, incident responders and security researchers will be better placed to recognize and mitigate such an attack at any stage in the future,” said Vitaly Kamluk, security researcher in Kaspersky Lab’s GReAT team.

 

In the previous attack, during the Winter Olympic Games, the beginning of the reconnaissance stage was a couple of months before the epidemic of the self-modifying destructive network worm. It is highly possible that Olympic Destroyer is preparing a similar attack with new motives. That is why we advise biological and chemical threat research entities to stay on high alert and launch an out-of-schedule security audit where possible.

 

Kaspersky Lab products successfully detect and block Olympic Destroyer-related malware.

For further information on the return of Olympic Destroyer, including Indicators of Compromise, read the blog on Securelist.

