Olympic Destroyer

Malware updated 25 days ago (2024-08-14T09:22:58.558Z)
Olympic Destroyer is a notorious malware that wreaked havoc during the 2018 Winter Olympics in Pyeongchang, South Korea. The malicious software was deployed by Sandworm, a cyber-espionage group believed to be associated with APT28, a Russian cyber threat actor with a long history of high-profile cyber offensives, including interference in the 2016 US election and the NotPetya attacks. The attack caused significant disruption to the event's IT infrastructure, affecting broadcasting, ticketing, and various Olympics websites; during the opening ceremony it temporarily disabled key systems, including Wi-Fi at the host stadium, IOC worker monitors, and the event's ticketing website.

The malware showcased advanced capabilities such as system credential stealing and lateral movement using legitimate Microsoft tools. Specifically, it dropped and executed a system credential stealer that relied on an SQLite library embedded in the sample, and it dropped a legitimate, digitally signed PsExec binary to facilitate lateral movement within the compromised network. These features enabled the malware to cause extensive damage and disruption.

The incident marked a significant escalation in cyberattacks targeting major international events. It followed a serious data leak at the World Anti-Doping Agency (WADA) in 2016, which exposed the medical information of numerous global sports personalities. The Olympic Destroyer attack was also deliberately designed to pin the blame on North Korea's Lazarus group, demonstrating the increasing sophistication of cyber threat actors. Since this watershed moment, similar attacks have become more common, underscoring the need for robust cybersecurity measures at all levels of international event organization.
Description last updated: 2024-08-14T09:07:47.164Z
Aliases: none currently tracked
Miscellaneous Associations (other elements of context that could aid in identifying relevance): Malware
Associated Malware
ID: NotPetya | Type: Unspecified | Votes: 2
Profile Description: NotPetya is a notorious malware that emerged in 2017, widely attributed to the Russian hacking group APT28, also known as Sandworm. This malicious software was primarily an act of cyberwar against Ukraine, delivered through updates to MeDoc accounting software, a technique known as a supply chain at
Associated Threat Actors
ID: Sandworm | Type: Unspecified | Votes: 2
Profile Description: Sandworm, a Russia-linked threat actor group, has been implicated in a series of significant cyber-attacks targeting Ukraine's infrastructure. The group successfully compromised 11 Ukrainian telecommunication providers, demonstrating their extensive capabilities and the broad reach of their operatio
Source Document References
Information about the Olympic Destroyer malware was read from the document corpus below. This display is limited to 20 results.
Source | Created | Title
BankInfoSecurity | 19 days ago | How the Paris Olympics Survived Unprecedented Cyberthreats
DARKReading | a month ago | Russia's 'Fighting Ursa' APT Uses Car Ads to Install HeadLace Malware
DARKReading | 2 months ago | 'Trial' DDoS Attacks on French Sites Portend Greater Olympics Threats
DARKReading | 3 months ago | Russia Aims Cyber Operations at Summer Olympics
DARKReading | 4 months ago | Paris Olympics Cybersecurity at Risk via Attack Surface Gaps
BankInfoSecurity | 5 months ago | The Global Menace of the Russian Sandworm Hacking Team
ESET | 5 months ago | Cybercriminals play dirty: A look back at 10 cyber hits on the sporting world
CERT-EU | 10 months ago | Sandworm, a Russian Threat Actor, Disrupted Power in Ukraine Via Cyberattack
DARKReading | a year ago | NFL Security Chief: Generative AI Threats a Concern as New Season Kicks Off
CERT-EU | a year ago | World Cup Glory Looms, and So Do Cyber Threats, Microsoft Warns
MITRE | 2 years ago | APT Trends report Q1 2018
MITRE | 2 years ago | Olympic Destroyer Takes Aim At Winter Olympics
Recorded Future | 2 years ago | Fielding Threats: Cyber, Influence, and Physical Threats to the 2022 FIFA World Cup in Qatar | Recorded Future
CERT-EU | 2 years ago | Six Common Ways That Malware Strains Get Their Names
CERT-EU | a year ago | APT Profile: Sandworm - SOCRadar® Cyber Intelligence Inc.