Experts Suspect Russian Hackers in Olympic Attack

News  |  Feb 12, 2018

A brief cyberattack struck the Olympic Games Friday night, and experts think Fancy Bear, a hacking group widely believed to be directed by Russia's foreign intelligence service, could be responsible. 

BuzzFeed News:

For about 45 minutes on Friday night, some Olympic computers and networks, including Wi-Fi systems, were hit with malicious software that targeted users with a @pyeongchang2018.com email address.

New York Times:

The cyberattack took out internet access and telecasts, grounded broadcasters’ drones, shut down the Pyeongchang 2018 website, and prevented spectators from printing out reservations and attending the ceremony, which resulted in an unusually high number of empty seats.

Security experts said they had uncovered evidence that the attack had been in the works since late last year. It was directed at the Pyeongchang Organizing Committee and incorporated code that was specifically designed to disrupt the Games or perhaps even send a political message.

BuzzFeed interviewed a lead researcher at Cisco Talos, which examined the malware that struck the Olympics' systems. He says the code was designed to wipe out whole systems but instead made just enough of a mark to send a message.

“It’s a very interesting change of pace from other types of wiper malware,” said Craig Williams, the company’s senior technical leader. “I read this as the attacker was trying to send the victim a message — they’re clearly saying ‘I could have wiped your data, and I have full access to your systems, and I could have destroyed it, but instead I just kinda turned off your services, deleted your boot record, and turned your machine off.’”

No one has been able to pin the attack on Fancy Bear yet, but circumstantial evidence points to the group.

The malware that hit the 2018 Olympics was written on Dec. 27, Meyers said, and his team observed a Fancy Bear campaign in November and December that stole credentials of users with @pyeongchang2018.com email addresses and mapped out their owners’ networks. His team noticed other hackers targeting Olympic targets in recent weeks, but only Fancy Bear had conducted such a campaign before that malware was written.

Adding to the curious nature of this attack, as BuzzFeed notes, Russia denied hacking days before any hack actually took place.

In a preemptive statement on Wednesday — before the Olympic cyberattacks had actually taken place — the Russian Ministry of Foreign Affairs denied responsibility.

“We are aware that the Western Olympic Games in the Republic of Korea are based on pseudo-investigations that reveal the ‘Russian trace’ in hacking attacks on information resources,” the ministry said. “One gets the impression that a number of states have already grown accustomed to attributing all of their domestic political problems to Russia's alleged cyber interference.”

As The Olympics Deal With A Cyberattack, All Eyes Are On Russia (BuzzFeed News)

Organizers looking into 'possible attack' on internet, Wi-Fi (AP)

Cyberattack Caused Olympic Opening Ceremony Disruption (NYT)