Kaspersky Lab researchers tracking the Olympic Destroyer threat that famously struck the opening of the Winter Olympic Games in Pyeongchang with a destructive network worm have discovered that the hacking group behind it is still active. It appears to be targeting Germany, France, Switzerland, the Netherlands, Ukraine and Russia, with a focus on organizations involved in protection against chemical and biological threats.

 

Olympic Destroyer is an advanced threat that hit organizers, suppliers and partners of the Winter Olympic Games 2018 in Pyeongchang, South Korea with a cybersabotage operation based on a destructive network worm. Many indicators pointed in different directions for the origins of the attack, causing some confusion in the info-security industry in February 2018.

 

A few rare and sophisticated signs discovered by Kaspersky Lab suggested that Lazarus group, a North Korea-linked threat actor, was behind the operation. However, in March, the company confirmed that the campaign featured an elaborate and convincing false flag operation, and Lazarus was unlikely to be the source. Researchers have now found the Olympic Destroyer operation is back in action, using some of its original infiltration and reconnaissance toolset, and focusing on targets in Europe.

 

The threat actor is spreading its malware through spear-phishing documents that closely resemble the weaponized documents used in preparation for the Winter Olympics operation. One such decoy document referred to the ‘Spiez Convergence’, a bio-chemical threats conference held in Switzerland and organized by the Spiez Laboratory, an organization that played a key role in the Salisbury attack investigation. Another document was targeting an entity of the health and veterinary control authority of Ukraine. Some of the spear-phishing documents uncovered by researchers carry words in Russian and German.

 

All final payloads extracted from the malicious documents were designed to provide generic access to the compromised computers. An open-source and free framework, widely known as PowerShell Empire, was used for the second stage of the attack.

 

The attackers appear to use compromised legitimate webservers to host and control the malware. These servers use a popular open-source content management system (CMS) called Joomla. The researchers found that one of the servers hosting the malicious payload used a version of Joomla (v1.7.3) released in November 2011, which suggests that a very outdated variant of the CMS could have been used by the attackers to hack the servers.

 

Based on Kaspersky Lab telemetry and files uploaded to multi-scanner services, the interests of this Olympic Destroyer campaign appear to have been entities in Germany, France, Switzerland, the Netherlands, Ukraine and Russia.

 

“The appearance, at the start of this year, of Olympic Destroyer with its sophisticated deception efforts, changed the attribution game forever and showed how easy it is to make a mistake with only fragments of the picture that are visible to researchers. The analysis and deterrence of these threats should be based on cooperation between the private sector and governments across national borders. We hope that by sharing our findings publicly, incident responders and security researchers will be better placed to recognize and mitigate such an attack at any stage in the future,” said Vitaly Kamluk, security researcher in Kaspersky Lab’s GReAT team.

 

In the previous attack, during the Winter Olympic Games, the beginning of the reconnaissance stage was a couple of months before the epidemic of the self-modifying destructive network worm. It is highly possible that Olympic Destroyer is preparing a similar attack with new motives. That is why we advise biological and chemical threat research entities to stay on high alert and launch an out-of-schedule security audit where possible.

 

Kaspersky Lab products successfully detect and block Olympic Destroyer-related malware.

For further information on the return of Olympic Destroyer, including Indicators of Compromise, read the blog on Securelist.

