A cyber attack that forced the official Pyeongchang Winter Olympics’ website to go offline on the eve of the opening ceremony was conducted by Russian hackers who disguised their operations to give an impression that the cyber attack was conducted by North Korean hackers.
According to US intelligence agencies, the cyber attack directed at the official Pyeongchang Winter Olympics’ website was conducted by Russian hackers working at Russia’s premier military intelligence agency.
On 9th February, the day when the Pyeongchang Winter Olympics was slated to commence, the official website of the global event suffered a 12-hour shutdown thanks to what officials later admitted was a cyber attack. However, they weren’t too inclined to disclose details of the cyber attack and who were behind it.
‘We wouldn’t start giving you the details of an investigation before it has come to an end, particularly because it involves security which at these games is incredibly important. I am sure you appreciate we need to maintain the security of our systems,’ said Mark Adams, Head of Communications of the International Olympics Committee.
‘At the moment we are making sure our systems are secure, which they are, so discussing details of it is not helpful. You will understand that maintaining secure operations is our focus. That’s the focus of any organisation that has been hit by such a thing. And in line with best practice, which is industry practice, we are not going to comment on the issue because it is an issue we are dealing with,’ he added.
Interestingly, the cyber attack took place within days after an IOC panel refused permission for fifteen previously-banned Russian athletes and support staff from participating in the Winter Olympics. On 2nd February, the Russian Olympic Committee, which itself was suspended, appealed to the IOC’s Invitation Review Panel to allow the fifteen athletes to participate in the games, stating that their suspension had been lifted by the Court of Arbitration for Sport (CAS). The plea was rejected by the panel citing various reasons.
According to The Washington Post, US intelligence agencies believe that the cyber attack was conducted by Russian hackers in response to the banning of Russian athletes from participating in the event. However, to hide evidence of their involvement in the operation, they masked their IP addresses to make authorities believe that the attack was perpetrated by North Korean hackers.
The report added that Russian military spies had also hacked into hundreds of computers that belonged organisations that were involved in planning and organising the Winter Olympics.
“Apart from accessing the computers, GRU cyber-operators also hacked routers in South Korea last month and deployed new malware on the day the Olympics began, according to Western intelligence agencies. Such access could enable intelligence collection or network attacks, officials said,” it added.
According to unnamed officials at US intelligence agencies, those behind the cyber attack were GRU officials who worked at the agency’s Main Center for Special Technology, or GTsST. It is believed that these officials were also behind last year’s NotPetya ransomware attack that disrupted businesses in Ukraine and in Europe.
The cyber attack wasn’t the first salvo fired by Russian hackers at organisations associated with the Winter Olympics. Back in January, Fancy Bears, a prominent Russian hacker group, had announced that it had hacked a database belonging to the International Luge Federation (ILF) which had a major role to play during the Olympics.
Around the same time, the McAfee Advanced Threat Research team also uncovered a stealthy phishing operation that involved hackers sending e-mails directly to email@example.com and including a number of other South Korean organisations in the bcc field, thereby maximising the reach of their campaign. Attachments in these emails contained PowerShell scripts that allowed hackers to exploits the encrypted channel to execute commands on the victim’s machine and to install additional malware.