Hackers who sabotaged the Olympic games return for more mischief

Enlarge (credit: National Archives Archeological Site)

The advanced hacking group that sabotaged the Pyeongchang Winter Olympics in February has struck again, this time in attacks that targeted financial institutions in Russia and chemical- and biological-threat prevention labs in France, Switzerland, the Netherlands, and Ukraine, researchers said.

The new campaigns began last month with spear-phishing emails that were designed to infect targeted companies with malware that collected detailed information about their computers and networks. One of the malicious Word documents referred to Spiez Convergence, a biochemical threat conference that's organized by the Spiez Laboratory, which played a key role in the investigation of the poisoning in March of a former Russian spy in the UK. UK government officials have said Russia was behind the poisoning. A second document targeted health and veterinary control authorities in Ukraine.

Researchers from Moscow-based Kaspersky Lab said that documents in the phishing emails closely resemble those used to infect organizers, suppliers, and partners of the Winter Olympic Games in the months preceding the February Pyeongchang attack. These initial infections allowed the attackers to spend months developing detailed knowledge of the networks supporting the games. One of the key reasons the malware dubbed Olympic Destroyer was so successful in disrupting the Olympics was that it used this knowledge to sabotage the networks. The discovery of a new phishing campaign by the same group raises the possibility that they are intended to support new sabotage hacks.

Read 8 remaining paragraphs | Comments