In a development that wasn’t entirely unexpected, the official Pyeongchang Winter Olympics’ website went offline for around 12 hours after being targeted by a cyber-attack on Friday, minutes before the opening ceremony was to take place.
The cyber-attack was one of many such attempts aimed at organisations and individuals associated with the Winter Olympics since the turn of the year.
On Friday, the day when the Pyeongchang Winter Olympics was slated to commence, the official website of the global event suffered a 12-hour shutdown thanks to what officials later admitted was a cyber-attack. However, they weren’t too inclined to disclose details of the cyber attack and who were behind it.
‘We wouldn’t start giving you the details of an investigation before it has come to an end, particularly because it involves security which at these games is incredibly important. I am sure you appreciate we need to maintain the security of our systems,’ said Mark Adams, Head of Communications of the International Olympics Committee.
‘At the moment we are making sure our systems are secure, which they are, so discussing details of it is not helpful. You will understand that maintaining secure operations is our focus. That’s the focus of any organisation that has been hit by such a thing. And in line with best practice, which is industry practice, we are not going to comment on the issue because it is an issue we are dealing with,’ he added.
Interestingly, the cyber attack took place within days after an IOC panel refused permission for fifteen previously-banned Russian athletes and support staff from participating in the Winter Olympics. On 2nd February, the Russian Olympic Committee, which itself is suspended, appealed to the IOC’s Invitation Review Panel to allow the fifteen athletes to participate in the games, stating that their suspension had been lifted by the Court of Arbitration for Sport (CAS).
However, the panel refused to lift the ban, stating that the full reasoning for these decisions by the Court of Arbitration for Sport had not been made public. It added that ‘there were additional elements and/or evidence, which could not be considered by the IOC Oswald Commission because it was not available to it, that raised suspicion about the integrity of these athletes. The additional information included data from the LIMS database, traces of prohibited substances, evidence of steroid profile manipulation and further confidential information provided to the Panel by WADA’.
Back in January, Fancy Bears, a prominent Russian hacker group, had announced that it had hacked a database belonging to the International Luge Federation (ILF) which had a major role to play during the Olympics.
Around the same time, the McAfee Advanced Threat Research team also uncovered a stealthy phishing operation that involved hackers sending e-mails directly to firstname.lastname@example.org and including a number of other South Korean organisations in the bcc field, thereby maximising the reach of their campaign. Attachments in these emails contained PowerShell scripts that allowed hackers to exploits the encrypted channel to execute commands on the victim’s machine and to install additional malware.
Recently, the team also discovered that hackers were running a new campaign dubbed Operation Gold Dragon. Using spoofed emails, they injected a malicious implant named Gold Dragon into victims’ systems, which in turn allowed them to access end-user systems and to collect data stored on the device and connected cloud accounts. This operation put at risk customer and employee financial or personal data as well as Winter Games-related details, trade secrets, and more.