Russia accused of “false flag” attack on Olympic opening

posted on February 26, 2018
by l33tdawg

The cyber-attack that disrupted some networks and servers at the opening of the Winter Olympics in PyeongChang left a number of conflicting forensic clues about its source. The attack used a mix of techniques, tools, and practices that blended the fingerprints of threat groups connected to North Korea, China, and Russia.

But according to a report by Ellen Nakashima of the Washington Post, US intelligence officials have determined with some confidence that the attack was in fact a "false flag" operation staged by individuals working on behalf of a Russian intelligence agency—an attack that went as far as to route traffic through IP addresses associated with North Korea to mask the attack's origin.

In the wake of the February 9 attack, which affected web servers and network routers connected to the Winter Games organizing committee—including the press center's network, public Wi-Fi networks, and Web servers associated with ticket sales for the Games' events—several security firms rapidly assessed malware connected to the attack. Initial evaluation of the malware showed some commonalities in techniques with NotPetya, the "wiper" malware attributed to Russia by UK and US intelligence. Cisco's Talos Labs later revised its report, originally published on February 12, after discovering that the malware samples actually used credential-stealing tools to obtain logins and passwords and then wrote those credentials into the code used to spread the infection across the network.
