US Spies: Russia Hacked Pyeongchang 2018

Written by

Kremlin hackers were responsible for cyber-attacks targeting the Winter Olympics in South Korea earlier this month, according to US intelligence.

The unnamed sources told the Washington Post that the operatives most likely work for the Russian military agency GRU’s Main Center for Special Technology (GTsST), the same body that is said to have been responsible for the infamous NotPetya ransomware attack in 2017.

The hackers apparently compromised as many as 300 computers linked to the games, and also placed malware on routers in South Korea on the opening day.

The state-sponsored hackers are said to have tried to run a “false flag” operation aiming to implicate North Korea.

There have been numerous reports of cyber-attacks ahead of and during the games in Pyeongchang.

Most notably, the official website of the games was taken offline for 12 hours ahead of the opening ceremony in early February, with some visitors unable to print their tickets and therefore missing out.

Wi-Fi connectivity and televisions in the media center also went down, according to reports at the time.

McAfee also discovered a new variant of malware being targeted at individuals in key organizations involved with the Winter Games, as part of the Korean-language Operation GoldDragon.

If Russia is responsible for attacks on the games it would make sense, given that its athletes have been banned from competing under the Russian banner, with many excluded altogether after a large-scale, state-sponsored doping campaign was uncovered a few years ago.

Infamous hacking group Fancy Bear has been highly active in trying to discredit Olympic athletes, as well as the games itself, in retaliation — stealing and leaking sensitive medical and other documents.

It’s not just state-sponsored hackers that have been active during the past few weeks. Cyber-criminals usually try to jump on the coat tails of popular sporting events to defraud consumers, and Pyeongchang 2018 was no different, according to Proofpoint.

Since 2010, 105 spoof domains have been registered using variations on the official pyeongchang2018 moniker, facilitating illegal streaming, non-sanctioned ticket sales and other illicit activities, the firm claimed.

What’s hot on Infosecurity Magazine?