Russian Spies Hacked The Korean Olympics

Russian military spies hacked several hundred computers used by authorities at the 2018 Winter Olympic Games in South Korea, according to US intelligence.

They did so while trying to make it appear as though the intrusion was conducted by North Korea, what is known as a “false-flag” operation, said two US officials who spoke on the condition of anonymity to discuss a sensitive matter. 

Officials in PyeongChang acknowledged that the Games were hit by a cyber-attack during the Feb. 9 Opening Ceremonies but had refused to confirm whether Russia was responsible. That evening there were disruptions to the Internet, broadcast systems and the Olympics website. Many attendees were unable to print their tickets for the ceremony, resulting in empty seats.

Analysts surmise the disruption was retaliation against the International Olympic Committee for banning the Russian team from the Winter Games due to doping violations. 

No officials from Russia’s Olympic federation were allowed to attend, and while some athletes were permitted to compete under the designation “Olympic Athletes from Russia,” they were unable to display the Russian flag on their uniforms and, if they won medals, their country’s anthem was not played.

As of early February, the Russian military agency GRU had access to as many as 300 Olympic-related computers, according to an intelligence reports.

The intelligence, which has not been publicly affirmed, is consistent with reports from private-sector analysts who have said they saw signs Russia had targeted the 2018 Olympics. It also would continue a pattern of such attempts, including during the 2016 Summer Games in Rio de Janeiro.

Apart from accessing the computers, GRU cyber-operators also hacked routers in South Korea last month and deployed new malware on the day the Olympics began, according to Western intelligence agencies. Such access could enable intelligence collection or network attacks, officials said.

It is not clear whether the disruptions during the Opening Ceremonies were the result of that access, but the development is concerning regardless, information security experts said.

“Anyone who controls a router would be able to redirect traffic for one or more selected targets or cause total disruption in the network by stopping the routing entirely,” said Jake Williams, a former National Security Agency cyber-operator and co-founder of Rendition Infosec, a cybersecurity firm.

“Development of router malware is extremely costly, and Russia would likely use it only in locations where it contributes to accomplishing a high-value goal,” said Williams.

The GRU hackers are thought to work for the agency’s Main Center for Special Technology, or GTsST, according to intelligence agencies. That unit has been highly active in information warfare against the West and was behind the NotPetya cyberattack that crippled computers in Ukraine last year.

Two years ago, the GRU penetrated a database containing drug test results and confidential medical data, and posted information about noteworthy US athletes including tennis stars Serena and Venus Williams, four-time gymnastics gold medalist Simone Biles and women’s basketball standout Elena Delle Donne.

That action was widely seen as payback after nearly every member of Russia’s track and field team was banned from the 2016 Olympics. Numerous investigations uncovered a widespread, government-run doping scheme that dated back years.
Russia has a long history of undertaking such “active measures” against the Olympic Games, noted Thomas Rid, a professor of strategic studies at Johns Hopkins University. 

During the 1984 Olympics in Los Angeles, Soviet intelligence released fake Ku Klux Klan leaflets threatening violence against African athletes as part of an effort to embarrass the United States, he said. 

That year, the Soviet Union led a 14-nation boycott of the Games in retaliation for a US boycott of the 1980 Summer Games in Moscow, which was prompted by the Soviets’ 1979 invasion of Afghanistan. 

While “old-school” tactics relied on leaflets among other things, the Internet has provided new tools to spread disinformation. 

In this case, the GRU sought to make it appear as though the intrusions were the work of North Korean hackers by using North Korean IP addresses and other tactics, said the officials. Such deception is common for the GRU.

Washington Post

You Might Also Read: 

Russia Is Providing North Korea With Internet Connectivity:

Just Who Are Russia's Cyber Warriors?:

 

« UK Banks Fall Behind In FinTech
GDPR-Regulated Data Is Lurking In Unexpected Places »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

eSentire

eSentire

eSentire is the authority in Managed Detection and Response Services, protecting the critical data and applications of organizations from known and unknown cyber threats.

Barracuda

Barracuda

Barracuda provides a comprehensive cybersecurity platform to protect organizations from all major attack vectors that are present in today’s complex threats.

Backup Systems

Backup Systems

Backup Systems is a leading backup and disaster recovery systems provider across the UK.

Allegro Software

Allegro Software

Allegro provide secure software for the Internet of Things.

Open Systems International (OSI)

Open Systems International (OSI)

Our innovative Operations Technology (OT) solutions are highly scalable and can be deployed by various utility companies to monitor, control and optimize their real-time operations.

NextVision

NextVision

NextVision is a Cybersecurity and Technology company offering a range of solutions and services for Security, Compliance and IT Infrastructure Management.

ReliaQuest

ReliaQuest

ReliaQuest’s GreyMatter solution connects existing technology, people, and process – then equips security teams with unified, actionable insights across their entire environment.

AlJammaz Technologies

AlJammaz Technologies

AlJammaz Technologies is the leading Technology Value-Added Distributor, which distributes advanced technology products, solutions and services in area including networking and cybersecurity.

Trapp Technology

Trapp Technology

Trapp Technology combines the very best cloud, Internet, IT managed services, and IT consulting to provide a true all-in-one IT solution for small to mid-sized businesses.

Intel

Intel

Intel products are engineered with built-in security technologies to help protect potential attack surfaces.

Flatt Security

Flatt Security

Flatt Security is a cyber security startup based in Japan providing security assessments and other cyber security services.

Hackuity

Hackuity

Hackuity is a breakthrough technology solution that rethinks the way of managing IT vulnerabilities in enterprises.

SLVA Cybersecurity

SLVA Cybersecurity

SLVA Cybersecurity excel at delivering security-as-a-service, fit-for-purpose, within the constraints of realistic budgets and business expectations.

Blackpanda

Blackpanda

Blackpanda is Asia’s premier cyber security incident response group, hyper-focused on digital forensics and cyber crisis response.

Cyber and Fraud Centre – Scotland

Cyber and Fraud Centre – Scotland

The Cyber and Fraud Centre – Scotland exists to ensure Scottish organisations are as resilient as they can be against cyber and fraud crime.

Secure Enterprise Engineering (SEE)

Secure Enterprise Engineering (SEE)

SEE provides disruptive cybersecurity system engineering, architecture, and operational capabilities to make our customer’s missions execute faster, smarter, and more securely.