Olympics Malware attack may have been part of larger cyber espionage scheme

Your Feed is from https://www.safeharboroncyber.com/Blog/
CyberWisdom Safe Harbor Commentary on Cyber Espionage Scheme
Today I came across this story from scmagazineuk.com that details an interesting that Researchers found new details in the “Olympic Destroyer” malware for the PyeongChang Winter Olympics to provide a clearer picture of the malware’s intentions and background.
Olympic malware attacks could be part of a large scale cyber espionage program
Researchers found new details in the “Olympic Destroyer” malware targeting the PyeongChang Winter Olympics in Korea, revealing more clearly the intention and background of malware attacks.
According to a recently updated blog post, Cisco Talos researchers initially thought malware was only for a single terminal, but malware is now thought to also erase files on shared network drives.
In addition, researchers believe the only purpose of the attack is to shut down the gaming system rather than steal information. The malware contains a binary whose target machine has a pair of “steal modules,” one for obtaining user credentials embedded in a popular web browser and one for stealing them from the Windows “Local Security Agency Subsystem Service” .
The updated blog also states that the threat behind the malware actors know many technical details of the Olympic game infrastructure, such as username, domain name, server name, and password, suggesting that a compromise has taken place before the initial attack, according to Talos researcher Craig Williams.
Researchers at Cyber scoop came to a similar conclusion, finding that Olympic IT provider Atos was hacked before the Olympics endangered Atos employees’ usernames and passwords, suggesting that the recent attacks are part of a bigger cyber espionage activity based on 14 reported in February.
The researchers said the violation was most likely to target hackers in the Olympics, with hackers entering Atos at least until December 2017.
Despite new information, although some speculate that Russia may be banned from competing as a country for the doping scandal, it is still not clear who is behind the attack. However, non-participating Russian athletes are still allowed to compete under the Olympic flag .
Priscilla Moriuchi, director of strategic threat development, said Recorded Future’s Insikt Group told SC Media that it is important not to jump to conclusions as accurate attribution is more important and harder to pin down than ever before.
“This cold attribution to attacks such as the Pyeongchang Winter Games could have material negative consequences, and therefore deserves in-depth, expert and meaningful analysis,” Moriuchi said.
The researchers also warned that more attacks may be coming as the Olympics provide opportunities for a wide range of attacks, including phishing mail, domain name theft, ransomware and fake social media posts.
“The IT team should warn employees to click on the links or attachments for the Olympic-related e-mail,” Enginger Kirda, Lastline co-founder and chief architect, told SC Media. “It is also a good idea to use state-of-the-art technology to prevent cyber attacks such as behavior-based detectors like sandboxes from checking for possible attachment to a system.”
Read More…
Researchers discovered new details in the “Olympic Destroyer” malware which targeted the Winter Olympics in Pyeongchang, South Korea shedding more light on the malware’s intentions and background information on the attack. Cisco Talos researchers originally thought the malware only targeted single endpoints but now believe the malware also wipes files on shared network drives, according to a recently updated blog post detailing the malware. Furthermore researchers believe the sole purpose of the attack was to shut down systems at the games and not to steal information. The malware includes a binary that targets machines with a pair of “stealing modules,” one designed to grab user credentials embedded in popular web browsers and another to steal them from Windows’ Local Security Authority Subsystem Service. The updated blog also noted that the threat actors behind the malware knew a lot of technical details of the Olympic Game infrastructure such as usernames, domain name, server names and passwords suggesting a prior compromise had taken place before the initial attack, Talos researcher Craig Williams tweeted. Cyberscoop researchers came to a similar conclusion and found that Atos, the IT provider for the Olympics, was hacked months before the Olympics compromising Atos employee usernames and passwords suggesting the most recent attack was part of a larger cyber-espionage initiative, according to a 14 February report. Engaging post, Read More…
thumbnail courtesy of scmagazineuk.com.

(adsbygoogle = window.adsbygoogle || []).push({
google_ad_client: “ca-pub-9083755448612431”,
enable_page_level_ads: true
});

If you like to receive more of these curated safe harbor news alerts then subscribe to my mailing list. and come back soon at https://www.safeharboroncyber.com/Blog/ to read further CyberWisdom Safe Harbor Commentaries. Home » Curated SafeHarboronCyber’s CyberWisdom Post
The post Olympics Malware attack may have been part of larger cyber espionage scheme appeared first on Safe Harbor on Cyber.