Olympic Destroyer

Malware Profile Updated a month ago
Olympic Destroyer is destructive malware that disrupted the 2018 Winter Olympics in Pyeongchang, South Korea. It has been attributed to Sandworm, a threat actor linked to Russia, and was built to break into the Games' IT systems and take them down. During the opening ceremony it temporarily knocked out the stadium Wi-Fi, the monitors used by event staff and the event's ticketing website. Notably, the binary contained forged artifacts made to resemble code from North Korea's Lazarus Group, a deliberate false flag that misdirected early attribution and showed an unusual level of sophistication.

Operationally, the malware steals credentials and then uses them to spread through the network it has reached. On an infected host it drops and runs two credential stealers: a browser stealer that embeds the SQLite library so it can read saved passwords straight out of the browsers' credential databases, and a system stealer that harvests Windows account credentials. It then uses the stolen credentials together with a legitimate, digitally signed copy of PsExec, the Microsoft Sysinternals remote-execution tool, to move laterally and run itself on other machines. Because PsExec is signed and routinely used by administrators, this activity blends in with normal operations, which made detection and containment harder for the defending security teams.

Olympic Destroyer was not the first time a major international sports organisation was hit: in 2016 the World Anti-Doping Agency (WADA) suffered a serious data leak that exposed medical records of well-known athletes. Sandworm itself has been linked to several other significant attacks, including those on Ukrainian electricity companies, the 2017 French presidential campaign and the Organisation for the Prohibition of Chemical Weapons. Since Olympic Destroyer, cyber disruption of major sporting events has become a recurring concern.
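The lateral-movement pattern described above (stolen credentials replayed through a signed PsExec) is hard to catch by hashing binaries, but it leaves a distinctive shape in Windows event logs. The following is an added detection example, not code from the original page or from any vendor report on Olympic Destroyer. It looks for two signals over constructed event records: the PSEXESVC service that PsExec installs on each target (System log, Event ID 7045) and one account fanning out over network logons (Security log, Event ID 4624, LogonType 3) to many hosts in a short window. The event field names follow the Windows event XML, but the records, hostnames, account names and thresholds are all assumptions made for this example.

```python
"""Detect PsExec-style credential-reuse lateral movement in Windows events.

Example code added for illustration; the SAMPLE_EVENTS below are constructed,
not real telemetry, and the window/threshold values are assumed defaults.
"""
from collections import defaultdict
from datetime import datetime, timedelta


def _t(s):
    return datetime.fromisoformat(s)


def _ev(time, host, eid, **data):
    # "host" is the computer that logged the event, i.e. the logon target.
    rec = {"time": time, "host": host, "id": eid}
    rec.update(data)
    return rec


SAMPLE_EVENTS = [
    # Constructed: six workstations each record a network logon from the same
    # account/source, followed by the PSEXESVC service install PsExec performs.
    *[e for i in range(1, 7) for e in (
        _ev(f"2018-02-09T20:0{i}:00", f"WS-0{i}", 4624, LogonType=3,
            TargetUserName="svc_deploy", IpAddress="10.0.0.5"),
        _ev(f"2018-02-09T20:0{i}:02", f"WS-0{i}", 7045,
            ServiceName="PSEXESVC", ImagePath="%SystemRoot%\\PSEXESVC.exe"),
    )],
    # Constructed benign noise: an admin touches two file servers.
    _ev("2018-02-09T20:02:30", "FS-01", 4624, LogonType=3,
        TargetUserName="jdoe", IpAddress="10.0.1.9"),
    _ev("2018-02-09T20:04:10", "FS-02", 4624, LogonType=3,
        TargetUserName="jdoe", IpAddress="10.0.1.9"),
    # Constructed benign noise: a software agent registering its own service.
    _ev("2018-02-09T20:03:00", "WS-09", 7045, ServiceName="UpdaterSvc",
        ImagePath="C:\\Program Files\\Updater\\svc.exe"),
    # An interactive console logon (LogonType 2) is not lateral movement.
    _ev("2018-02-09T20:05:00", "WS-03", 4624, LogonType=2,
        TargetUserName="svc_deploy", IpAddress="127.0.0.1"),
]


def detect_psexec_service(events):
    """Event ID 7045 where the installed service looks like PsExec's.

    PsExec copies its service binary to the target's ADMIN$ share and
    registers it as PSEXESVC. The -r switch can rename the service, so the
    image path is checked as well as the service name.
    """
    hits = []
    for e in events:
        if e["id"] != 7045:
            continue
        name = e.get("ServiceName", "").upper()
        image = e.get("ImagePath", "").upper()
        if name == "PSEXESVC" or "PSEXESVC" in image:
            hits.append((e["host"], e["time"], e["ServiceName"]))
    return hits


def detect_logon_fanout(events, window=timedelta(minutes=10), min_hosts=5):
    """One (account, source IP) pair producing network logons on at least
    min_hosts distinct hosts inside a sliding time window.

    Returns {(user, ip): [hosts...]} for every pair that crosses the line.
    """
    by_key = defaultdict(list)
    for e in events:
        if e["id"] == 4624 and e.get("LogonType") == 3:
            key = (e["TargetUserName"], e["IpAddress"])
            by_key[key].append((_t(e["time"]), e["host"]))
    alerts = {}
    for key, logons in by_key.items():
        logons.sort()
        for i, (start, _) in enumerate(logons):
            hosts = {h for t, h in logons[i:] if t - start <= window}
            if len(hosts) >= min_hosts:
                alerts[key] = sorted(hosts)
                break
    return alerts


if __name__ == "__main__":
    for host, when, svc in detect_psexec_service(SAMPLE_EVENTS):
        print(f"{when} {host}: PsExec service installed ({svc})")
    for (user, ip), hosts in detect_logon_fanout(SAMPLE_EVENTS).items():
        print(f"{user} from {ip} reached {len(hosts)} hosts: {', '.join(hosts)}")
```

The fan-out check matters more than the service-name check: PsExec is also used by legitimate administrators, so PSEXESVC alone needs a baseline of who normally runs it, and Olympic Destroyer additionally spread over WMI, which installs no service and so produces no 7045 event but still leaves a LogonType 3 event on every target it reaches. In production the window and threshold should be tuned to the environment's normal admin activity.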
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so this section lists possibly overlapping names / profiles you may also want to look at.
No overlapping profiles to display
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Lateral Move...
Data Leak
SQLite
Ransomware
Associated Malware
NotPetya (relationship type unspecified, 1 vote): NotPetya is a notorious malware that was unleashed in 2017, primarily targeting Ukraine but eventually impacting systems worldwide. This malicious software, which initially appeared to be ransomware, was later revealed to be data destructive malware, causing widespread disruption rather than seeking
Associated Threat Actors
Sandworm (relationship type unspecified, 2 votes): Sandworm, a threat actor linked to Russia, has been identified as a significant cybersecurity risk. Known for its sophisticated and malicious activities, Sandworm has notably compromised 11 Ukrainian telecommunications providers, disrupting services and posing a substantial threat to the digital inf
Lazarus Group (relationship type unspecified, 1 vote): The Lazarus Group, a threat actor attributed to North Korea, is renowned for its notorious cyber-exploitation activities. The group has been linked to various high-profile cyber-attacks, including the largest decentralized finance exploit in history, the Ronin exploit of March 2022. This attack led
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Olympic Destroyer malware was read from the source documents listed below (source, publication date relative to the profile update, title).
DARKReading, a month ago: Russia Aims Cyber Operations at Summer Olympics
DARKReading, 2 months ago: Paris Olympics Cybersecurity at Risk via Attack Surface Gaps
BankInfoSecurity, 3 months ago: The Global Menace of the Russian Sandworm Hacking Team
ESET, 4 months ago: Cybercriminals play dirty: A look back at 10 cyber hits on the sporting world
CERT-EU, 8 months ago: Sandworm, a Russian Threat Actor, Disrupted Power in Ukraine Via Cyberattack
DARKReading, 10 months ago: NFL Security Chief: Generative AI Threats a Concern as New Season Kicks Off
CERT-EU, a year ago: World Cup Glory Looms, and So Do Cyber Threats, Microsoft Warns
MITRE, a year ago: APT Trends report Q1 2018
MITRE, a year ago: Olympic Destroyer Takes Aim At Winter Olympics
Recorded Future, a year ago: Fielding Threats: Cyber, Influence, and Physical Threats to the 2022 FIFA World Cup in Qatar | Recorded Future
CERT-EU, a year ago: Six Common Ways That Malware Strains Get Their Names
CERT-EU, a year ago: APT Profile: Sandworm - SOCRadar® Cyber Intelligence Inc.