Olympic Destroyer

Malware updated a month ago (2024-10-17T13:01:14.905Z)
Olympic Destroyer is a notorious malware that was deployed by Sandworm, a cyber-espionage group, during the 2018 Pyeongchang Winter Olympics. The malware caused significant disruption to the event's IT infrastructure, including broadcasting, ticketing, various Olympics websites, and Wi-Fi at the host stadium. Designed to exploit and damage computer systems, Olympic Destroyer infiltrates through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom. The attack was sophisticated, as it was engineered to falsely implicate North Korea's Lazarus group.

The malware sample contained an embedded SQLite system credential stealer. In addition to stealing browser credentials, Olympic Destroyer also drops and executes a system stealer. To facilitate lateral movement within the infected system, the malware deploys a legitimate, digitally signed PsExec file, a tool from Microsoft.

This attack was not isolated; there have been other instances where prominent international sports organizations were targeted, such as the serious data leak at the World Anti-Doping Agency (WADA) in 2016 that exposed the medical information of numerous global sports personalities. In response to these threats, agencies like ANSSI, CISA, and private-sector partners such as Cisco France have developed ready-to-use crisis exercises based on past attacks against previous Olympic Games, including the 2018 hack dubbed "Olympic Destroyer."

The hacking group behind this, most commonly known as APT28, has a long history of high-profile cyber offensives, including US election interference in 2016, the NotPetya attacks, and others. Officials are keen to avoid a repeat of the massive disruptions caused by suspected Russian attackers during the opening ceremony of the 2018 Winter Olympics in Pyeongchang, South Korea.
Description last updated: 2024-10-17T12:47:56.372Z
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Associated Malware
Alias Description: The NotPetya Malware is associated with Olympic Destroyer. NotPetya, a destructive malware posing as ransomware, was unleashed in 2017, causing widespread global damage while primarily targeting Ukraine's infrastructure. The cyberattack, commonly attributed to Russia, was so devastating that it led many to consider it an act of cyberwar, despite no official
Association Type: Unspecified
Votes: 2
Associated Threat Actors
Alias Description: The Sandworm Threat Actor is associated with Olympic Destroyer. Sandworm, a threat actor linked to Russia, has been identified as the primary cyber attack unit supporting Russian military activities in Ukraine. This group is notorious for its sophisticated and disruptive cyber attacks, including the compromise of 11 Ukrainian telecommunications providers which c
Association Type: Unspecified
Votes: 2
Source Document References
Information about the Olympic Destroyer Malware was read from the documents corpus below.