Feb 12, 2018

What we know about the Olympic malware attack

Participants in the opening ceremony for the Pyeongchang Olympics on Feb. 9, 2018. Photo: Kyodo News via Getty Images

The newly discovered malware known as "Olympic Destroyer" was specifically designed to attack the Olympics, researchers have found, although the first batch of investigations hasn't been able to pinpoint the source.

How it works: Like the name suggests, Destroyer is purely destructive. Unlike ransomware, it does not extort money, and the malware doesn't steal files. Instead, it deletes backup files on a system and tampers with files needed to boot a computer, making it impossible to boot without repair. It does not delete the main files or programs on a computer.

Why that matters: Researchers at Cisco's Talos division speculate that, without a backup, tech support won't restore the hard drive to a state where the malware is totally wiped. The attacker can then relaunch the same attack over and over again.

  • The malware uses hard-coded network credentials for Olympic systems and any credentials it comes across, allowing it to attack other computers on the same network.
  • Changing the hard-coded credentials could then set loose another attack.
  • The attackers would have had to steal credentials before programming them into the malware.
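The behaviour described under "How it works" (backups deleted, then boot files tampered with) can be hunted for in process-creation logs. The sketch below is an added example, not code from the researchers or from the original article. It assumes the activity shows up as invocations of the standard Windows utilities `vssadmin`, `wbadmin` and `bcdedit`, which the article does not name, and the host names and log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: the article names no commands. These patterns cover standard
# Windows utilities that can delete backups or disable boot recovery.
RULES = {
    "backup_deletion": [
        re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I),
        re.compile(r"\bwbadmin(\.exe)?\b.*\bdelete\s+(catalog|systemstatebackup)\b", re.I),
    ],
    "boot_tampering": [
        re.compile(r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b", re.I),
        re.compile(r"\bbcdedit(\.exe)?\b.*\bbootstatuspolicy\s+ignoreallfailures\b", re.I),
    ],
}

def classify(cmdline):
    """Return the set of rule categories a command line matches."""
    return {cat for cat, pats in RULES.items() if any(p.search(cmdline) for p in pats)}

def wiper_hosts(events, window=timedelta(minutes=10)):
    """Hosts where backup deletion and boot tampering occur within `window`."""
    seen = defaultdict(list)  # host -> [(time, category)]
    for ts, host, cmd in events:
        for cat in classify(cmd):
            seen[host].append((datetime.fromisoformat(ts), cat))
    flagged = set()
    for host, hits in seen.items():
        backups = [t for t, c in hits if c == "backup_deletion"]
        boots = [t for t, c in hits if c == "boot_tampering"]
        if any(abs(b - r) <= window for b in backups for r in boots):
            flagged.add(host)
    return sorted(flagged)

# Constructed sample process-creation events: (timestamp, host, command line).
SAMPLE = [
    ("2018-02-09T20:01:10", "ws-01", r"C:\Windows\system32\vssadmin.exe delete shadows /all /quiet"),
    ("2018-02-09T20:01:12", "ws-01", "bcdedit.exe /set {default} recoveryenabled no"),
    ("2018-02-09T09:00:00", "ws-02", "vssadmin list shadows"),
    ("2018-02-09T11:00:00", "srv-03", "wbadmin delete catalog -quiet"),
    ("2018-02-09T18:30:00", "srv-03", "bcdedit /enum"),
]

if __name__ == "__main__":
    print(wiper_hosts(SAMPLE))
```

Requiring both behaviours on one host within a short window keeps routine administration, such as a lone backup-catalog cleanup, from raising an alert.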

Who's behind it: Adam Meyers, Vice President of Intelligence at CrowdStrike, notes that Fancy Bear, one of the suspected Russian groups thought to be behind the Democratic National Committee breach, hacked a number of Olympic-affiliated systems in November and December. The malware was compiled in late December. That might hint at Russian involvement.

  • Possible motive: Russia feels that being all but barred from the Olympics for widespread doping is a slight against the nation. In the 2016 Olympics, when Russian athletes were banned in bulk, Fancy Bear is believed to have hacked the World Anti-Doping Agency.
  • Yes, but: The timeline of attacks doesn't necessarily attribute it to Russia, Meyers said.
  • Maybe China? The firm Intezer found that Olympic Destroyer shared "significant" chunks of computer code with espionage groups believed to be affiliated with China. That does not mean China is behind the attack so much as that someone using Chinese computer code is behind the attack. But Intezer, which operates a code analysis system similar to automated plagiarism detection websites, has not found any other code that matches.
