Russian Spies Hacked The Korean Olympics

Uploaded on 2018-03-05 in NEWS-Cybersecurity News, INTELLIGENCE--International, FREE TO VIEW

Russian military spies hacked several hundred computers used by authorities at the 2018 Winter Olympic Games in South Korea, according to US intelligence.

They did so while trying to make it appear as though the intrusion was conducted by North Korea, what is known as a “false-flag” operation, said two US officials who spoke on the condition of anonymity to discuss a sensitive matter. 

Officials in PyeongChang acknowledged that the Games were hit by a cyber-attack during the Feb. 9 Opening Ceremonies but had refused to confirm whether Russia was responsible. That evening there were disruptions to the Internet, broadcast systems and the Olympics website. Many attendees were unable to print their tickets for the ceremony, resulting in empty seats.

Analysts surmise the disruption was retaliation against the International Olympic Committee for banning the Russian team from the Winter Games due to doping violations. 

No officials from Russia’s Olympic federation were allowed to attend, and while some athletes were permitted to compete under the designation “Olympic Athletes from Russia,” they were unable to display the Russian flag on their uniforms and, if they won medals, their country’s anthem was not played.

As of early February, the Russian military agency GRU had access to as many as 300 Olympic-related computers, according to an intelligence reports.

The intelligence, which has not been publicly affirmed, is consistent with reports from private-sector analysts who have said they saw signs Russia had targeted the 2018 Olympics. It also would continue a pattern of such attempts, including during the 2016 Summer Games in Rio de Janeiro.

Apart from accessing the computers, GRU cyber-operators also hacked routers in South Korea last month and deployed new malware on the day the Olympics began, according to Western intelligence agencies. Such access could enable intelligence collection or network attacks, officials said.

It is not clear whether the disruptions during the Opening Ceremonies were the result of that access, but the development is concerning regardless, information security experts said.

“Anyone who controls a router would be able to redirect traffic for one or more selected targets or cause total disruption in the network by stopping the routing entirely,” said Jake Williams, a former National Security Agency cyber-operator and co-founder of Rendition Infosec, a cybersecurity firm.

“Development of router malware is extremely costly, and Russia would likely use it only in locations where it contributes to accomplishing a high-value goal,” said Williams.

The GRU hackers are thought to work for the agency’s Main Center for Special Technology, or GTsST, according to intelligence agencies. That unit has been highly active in information warfare against the West and was behind the NotPetya cyberattack that crippled computers in Ukraine last year.

Two years ago, the GRU penetrated a database containing drug test results and confidential medical data, and posted information about noteworthy US athletes including tennis stars Serena and Venus Williams, four-time gymnastics gold medalist Simone Biles and women’s basketball standout Elena Delle Donne.

That action was widely seen as payback after nearly every member of Russia’s track and field team was banned from the 2016 Olympics. Numerous investigations uncovered a widespread, government-run doping scheme that dated back years.
Russia has a long history of undertaking such “active measures” against the Olympic Games, noted Thomas Rid, a professor of strategic studies at Johns Hopkins University. 

During the 1984 Olympics in Los Angeles, Soviet intelligence released fake Ku Klux Klan leaflets threatening violence against African athletes as part of an effort to embarrass the United States, he said. 

That year, the Soviet Union led a 14-nation boycott of the Games in retaliation for a US boycott of the 1980 Summer Games in Moscow, which was prompted by the Soviets’ 1979 invasion of Afghanistan. 

While “old-school” tactics relied on leaflets among other things, the Internet has provided new tools to spread disinformation. 

In this case, the GRU sought to make it appear as though the intrusions were the work of North Korean hackers by using North Korean IP addresses and other tactics, said the officials. Such deception is common for the GRU.

Washington Post

You Might Also Read: 

Russia Is Providing North Korea With Internet Connectivity:

Just Who Are Russia's Cyber Warriors?:

 

« UK Banks Fall Behind In FinTech
GDPR-Regulated Data Is Lurking In Unexpected Places »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Omerta

Omerta

Omerta is a global security technology and services company. We advise, consult, design, build, mitigate, protect, manage, provide and train to protect from increasing cyber threats.

FireEye

FireEye

FireEye delivers unmatched detection, protection and response technology through an extensible and flexible cloud-based XDR platform.

Certification Europe

Certification Europe

Certification Europe (now Amtivo Ireland) is an accredited certification body which provides ISO management system certification, including ISO 27001.

Perception Point

Perception Point

Perception Point is a Prevention-as-a-Service company, built to enable digital transformation. Our platform offers 360-degree protection against any type of content-based attack.

SecuPi

SecuPi

SecuPi delivers data-centric security with data-flow discovery, real-time monitoring, behavior analytics, and protection across web and enterprise applications and big data environments.

State e-Government Agency (SEGA) - Bulgaria

State e-Government Agency (SEGA) - Bulgaria

The State e-Government Agency (SEGA) is responsible for matters relating to electronic governance in Bulgaria.

Arc4dia Labs

Arc4dia Labs

Arc4dia have developed SNOW, a cyber security solution to combat the world’s most sophisticated cyber threats.

Perimeter 81

Perimeter 81

Perimeter 81 is a Zero Trust Network as a Service designed to simplify secure network, cloud and application access for the modern and distributed workforce.

Cyentia Institute

Cyentia Institute

The Cyentia Institute is a research & data science firm with a mission to advance knowledge in the cybersecurity industry.

CloudSEK

CloudSEK

CloudSEK has set its sights on building the world’s fastest and most reliable AI technology, that identifies and resolves digital threats.

nexSecurity

nexSecurity

neXSecurity is an IT and Information security consulting company with more than 2 decades worth of software development and security experience.

Advantio

Advantio

Advantio offers a unique combination of technologies and managed, advisory and testing services to increase your cyber resilience and compliance.

Venari Security

Venari Security

Venari is an award-winning cybersecurity SaaS provider that has developed an ETA (Encrypted Traffic Analysis) platform which fundamentally changes the way encrypted traffic is analysed.

Corona IT Solutions

Corona IT Solutions

At Corona IT Solutions, our team of specialists in networking, wireless and VoIP are dedicated to providing proactive monitoring and management of your IT systems.

dWallet Labs

dWallet Labs

dWallet Labs is a cybersecurity company specializing in blockchain technology. We believe that the future of Web3 relies on cutting edge cryptography and unabated security.

Vault Cloud

Vault Cloud

Vault Cloud, Australia's National Cloud, is an Australian owned and operated company specialising in secure, sovereign, hyperscale cloud infrastructure.