Feb 12, 2018

What we know about the Olympic malware attack

Participants in the opening ceremony for the Pyeongchang Olympics on Feb. 9, 2018. Photo: Kyodo News via Getty Images

The newly discovered malware known as "Olympic Destroyer" was specifically designed to attack the Olympics, researchers have found, although the first batch of investigations hasn't been able to pinpoint the source.

How it works: As the name suggests, Destroyer is purely destructive. Unlike ransomware, it does not extort money, and it doesn't steal files. Instead, it deletes backup files on a system and tampers with the files needed to boot a computer, making it impossible to boot without repair. It does not delete the main files or programs on a computer.

Why that matters: Researchers at Cisco's Talos division speculate that, without a backup, tech support won't be able to restore the hard drive to a state where the malware is totally wiped. The attacker can then relaunch the same attack over and over again.

  • The malware uses hard-coded network credentials for Olympic systems and any credentials it comes across, allowing it to attack other computers on the same network.
  • Changing the hard-coded credentials could then set loose another attack.
  • The attackers would have had to steal credentials before programming it into the malware.
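The two behaviours described above, backup destruction followed by the same credentials being reused on other hosts, are what a defender would want to alert on. The following is an added example, not code from the article or from any of the research teams it cites; it runs detection rules over constructed process-creation events, and the specific Windows commands it looks for (vssadmin, wbadmin, bcdedit) are assumed indicators of backup deletion and recovery tampering, not commands quoted by the article.

```python
import re

# Constructed sample of process-creation events, one per line: host,user,image,command line.
SAMPLE_EVENTS = [
    "ws-01,CORP\\alice,C:\\Windows\\System32\\notepad.exe,notepad.exe notes.txt",
    "ws-01,CORP\\svc_ops,C:\\Windows\\System32\\vssadmin.exe,vssadmin.exe delete shadows /all /quiet",
    "ws-02,CORP\\svc_ops,C:\\Windows\\System32\\wbadmin.exe,wbadmin.exe delete catalog -quiet",
    "ws-02,CORP\\svc_ops,C:\\Windows\\System32\\bcdedit.exe,bcdedit.exe /set {default} recoveryenabled no",
    "ws-03,CORP\\bob,C:\\Windows\\System32\\cmd.exe,cmd.exe /c dir",
]

# Assumed indicator patterns for "deletes backups" and "tampers with boot/recovery";
# the article does not name the exact commands the malware runs.
RULES = {
    "shadow_copy_deletion": re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    "backup_catalog_deletion": re.compile(r"wbadmin(\.exe)?\s+delete\s+catalog", re.I),
    "recovery_disabled": re.compile(
        r"bcdedit(\.exe)?\s+/set\s+\S+\s+(recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)",
        re.I,
    ),
}


def parse_event(line):
    """Split one CSV-like event into its fields; the command line may itself contain commas."""
    host, user, image, cmdline = line.split(",", 3)
    return {"host": host, "user": user, "image": image, "cmdline": cmdline}


def match_rules(event):
    """Return the names of every rule whose pattern matches the event's command line."""
    return [name for name, pat in RULES.items() if pat.search(event["cmdline"])]


def detect(lines):
    """Return (alerts, spreading): one alert per matching event, plus the accounts that
    triggered destructive activity on more than one host, which is the lateral-movement
    pattern produced by reusing one set of credentials across the network."""
    alerts = []
    hosts_by_user = {}
    for line in lines:
        ev = parse_event(line)
        hits = match_rules(ev)
        if hits:
            alerts.append({"host": ev["host"], "user": ev["user"], "rules": hits})
            hosts_by_user.setdefault(ev["user"], set()).add(ev["host"])
    spreading = {u: sorted(h) for u, h in hosts_by_user.items() if len(h) > 1}
    return alerts, spreading
```

The second return value is the signal that matters here: a single account tripping backup-deletion rules on several hosts is the point at which the credentials should be treated as compromised and rotated, and the affected hosts isolated.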

Who's behind it: Adam Meyers, Vice President of Intelligence at CrowdStrike, notes that Fancy Bear, one of the Russian groups believed to be behind the Democratic National Committee breach, hacked a number of Olympic-affiliated systems in November and December. The malware was compiled in late December. That might hint at Russian involvement.

  • Possible motive: Russia feels that being all but barred from the Olympics for widespread doping is a slight against the nation. In the 2016 Olympics, when Russian athletes were banned in bulk, Fancy Bear is believed to have hacked the World Anti-Doping Agency.
  • Yes, but: The timeline of attacks doesn't necessarily attribute it to Russia, Meyers said.
  • Maybe China? The firm Intezer found that Olympic Destroyer shared "significant" chunks of computer code with espionage groups believed to be Chinese-affiliated. That does not mean China is behind the attack so much as someone using Chinese computer code is behind the attack. But Intezer, which operates a code analysis system similar to automated plagiarism detection websites, has not found any other code that matches.
