Olympic Destroyer

Malware updated a month ago (2024-10-17T13:01:14.905Z)

Download STIX

Preview STIX

Olympic Destroyer is a notorious malware that was deployed by Sandworm, a cyber-espionage group, during the 2018 Pyeongchang Winter Olympics. The malware caused significant disruption to the event's IT infrastructure, including broadcasting, ticketing, various Olympics websites, and Wi-Fi at the host stadium. Designed to exploit and damage computer systems, Olympic Destroyer infiltrates through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom. The attack was sophisticated, as it was engineered to falsely implicate North Korea's Lazarus group. The malware sample contained an embedded SQLite system credential stealer. In addition to stealing browser credentials, Olympic Destroyer also drops and executes a system stealer. To facilitate lateral movement within the infected system, the malware deploys a legitimate, digitally signed PsExec file, a tool from Microsoft. This attack was not isolated; there have been other instances where prominent international sports organizations were targeted, such as the serious data leak at the World Anti-Doping Agency (WADA) in 2016 that exposed the medical information of numerous global sports personalities. In response to these threats, agencies like ANSSI, CISA, and private-sector partners such as Cisco France have developed ready-to-use crisis exercises based on past attacks against previous Olympic Games, including the 2018 hack dubbed "Olympic Destroyer." The hacking group behind this, most commonly known as APT28, has a long history of high-profile cyber offensives, including US election interference in 2016, the NotPetya attacks, and others. Officials are keen to avoid a repeat of the massive disruptions caused by suspected Russian attackers during the opening ceremony of the 2018 Winter Olympics in Pyeongchang, South Korea.

Description last updated: 2024-10-17T12:47:56.372Z

What's your take? (Question 1 of 2)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Malware

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The NotPetya Malware is associated with Olympic Destroyer. NotPetya, a destructive malware posing as ransomware, was unleashed in 2017, causing widespread global damage while primarily targeting Ukraine's infrastructure. The cyberattack, commonly attributed to Russia, was so devastating that it led many to consider it an act of cyberwar, despite no official	Unspecified	2

Associated Threat Actors

To see the evidence that has resulted in these threatActor associations, create a free account

Alias Description	Association Type	Votes
The Sandworm Threat Actor is associated with Olympic Destroyer. Sandworm, a threat actor linked to Russia, has been identified as the primary cyber attack unit supporting Russian military activities in Ukraine. This group is notorious for its sophisticated and disruptive cyber attacks, including the compromise of 11 Ukrainian telecommunications providers which c	Unspecified	2

Source Document References

Information about the Olympic Destroyer Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
BankInfoSecurity	3 months ago	How the Paris Olympics Survived Unprecedented Cyberthreats
DARKReading	4 months ago	Russia's 'Fighting Ursa' APT Uses Car Ads to Install HeadLace Malware
DARKReading	4 months ago	'Trial' DDoS Attacks on French Sites Portend Greater Olympics Threats
DARKReading	6 months ago	Russia Aims Cyber Operations at Summer Olympics
DARKReading	7 months ago	Paris Olympics Cybersecurity at Risk via Attack Surface Gaps
BankInfoSecurity	7 months ago	The Global Menace of the Russian Sandworm Hacking Team
ESET	8 months ago	Cybercriminals play dirty: A look back at 10 cyber hits on the sporting world
CERT-EU	a year ago	Sandworm, a Russian Threat Actor, Disrupted Power in Ukraine Via Cyberattack
DARKReading	a year ago	NFL Security Chief: Generative AI Threats a Concern as New Season Kicks Off
CERT-EU	a year ago	World Cup Glory Looms, and So Do Cyber Threats, Microsoft Warns
MITRE	2 years ago	APT Trends report Q1 2018
MITRE	2 years ago	Olympic Destroyer Takes Aim At Winter Olympics
Recorded Future	2 years ago	Fielding Threats: Cyber, Influence, and Physical Threats to the 2022 FIFA World Cup in Qatar \| Recorded Future
Recorded Future	2 years ago	Fielding Threats: Cyber, Influence, and Physical Threats to the 2022 FIFA World Cup in Qatar \| Recorded Future
CERT-EU	2 years ago	Six Common Ways That Malware Strains Get Their Names
CERT-EU	2 years ago	APT Profile: Sandworm - SOCRadar® Cyber Intelligence Inc.