Analysis suggests Opening Ceremony cyberattack intended to disrupt Winter Olympics, not steal information

Yahoo Sports

The organizers of the 2018 Winter Olympics in PyeongChang, South Korea confirmed that a cyberattack took place during the Opening Ceremony, but stopped short of revealing who was behind it or what the motives might have been. Though the perpetrators of the hack remain unknown, an analysis from Cisco’s Talos Intelligence Group shed some light on why those responsible shut down Olympic servers, disrupting public wi-fi and grounding a brigade of choreographed drones.

According to Warren Mercer and Paul Rascagneres, the authors of the study, the attacks were designed not to steal information, but rather simply to destroy:

The samples identified, however, are not from adversaries looking for information from the games but instead they are aimed to disrupt the games. The samples analysed appear to perform only destructive functionality. There does not appear to be any exfiltration of data.

One of the infectious agents, dubbed “Olympic Destroyer”, appears to have been designed explicitly to delete data, both originals and copies, on targeted servers and subsequently render them inactive.

The research also notes that the seeds for these assaults may have been planted long before the festivities began in South Korea. The hackers behind the attack, whoever they were, managed to spread their malware throughout the Olympic servers ahead of time because they had acquired the information they needed to access the system (i.e. specific server IDs, user names and passwords) ahead of time.

The Olympic torch at the Opening Ceremony in PyeongChang, South Korea.
The Olympic torch at the Opening Ceremony in PyeongChang, South Korea.

How successful were these bad actors in inciting Joker-style chaos on the Korean peninsula? Not very. The servers were up and running again within 12 hours of the attack, and while the attack impeded some of the dancing drones from properly deploying, it couldn’t stop broadcasters from splicing in practice footage to cover up the disruption.

Then again, considering this was (at least) the second cyberattack on these Winter Olympics already, the bad actors involved don’t figure to let up just because their digital mischief was mostly mitigated.

More from Yahoo Sports:
While you were sleeping: Plenty from the ice, both great and regrettable
Dutch speed skater Wust makes Winter Olympics history
Canada’s Radford becomes first openly gay Winter Olympic champion
Passan: Olympics put money, TV ahead of snowboarders’ safety
Wetzel: Rippon hopes reach extends beyond gay community

What to read next

By using Yahoo you agree that Yahoo and partners may use Cookies for personalisation and other purposes