Russian Spies Hacked The Korean Olympics

Russian military spies hacked several hundred computers used by authorities at the 2018 Winter Olympic Games in South Korea, according to US intelligence.

They did so while trying to make it appear as though the intrusion was conducted by North Korea, what is known as a “false-flag” operation, said two US officials who spoke on the condition of anonymity to discuss a sensitive matter. 

Officials in PyeongChang acknowledged that the Games were hit by a cyber-attack during the Feb. 9 Opening Ceremonies but had refused to confirm whether Russia was responsible. That evening there were disruptions to the Internet, broadcast systems and the Olympics website. Many attendees were unable to print their tickets for the ceremony, resulting in empty seats.

Analysts surmise the disruption was retaliation against the International Olympic Committee for banning the Russian team from the Winter Games due to doping violations. 

No officials from Russia’s Olympic federation were allowed to attend, and while some athletes were permitted to compete under the designation “Olympic Athletes from Russia,” they were unable to display the Russian flag on their uniforms and, if they won medals, their country’s anthem was not played.

As of early February, the Russian military agency GRU had access to as many as 300 Olympic-related computers, according to an intelligence reports.

The intelligence, which has not been publicly affirmed, is consistent with reports from private-sector analysts who have said they saw signs Russia had targeted the 2018 Olympics. It also would continue a pattern of such attempts, including during the 2016 Summer Games in Rio de Janeiro.

Apart from accessing the computers, GRU cyber-operators also hacked routers in South Korea last month and deployed new malware on the day the Olympics began, according to Western intelligence agencies. Such access could enable intelligence collection or network attacks, officials said.

It is not clear whether the disruptions during the Opening Ceremonies were the result of that access, but the development is concerning regardless, information security experts said.

“Anyone who controls a router would be able to redirect traffic for one or more selected targets or cause total disruption in the network by stopping the routing entirely,” said Jake Williams, a former National Security Agency cyber-operator and co-founder of Rendition Infosec, a cybersecurity firm.

“Development of router malware is extremely costly, and Russia would likely use it only in locations where it contributes to accomplishing a high-value goal,” said Williams.

The GRU hackers are thought to work for the agency’s Main Center for Special Technology, or GTsST, according to intelligence agencies. That unit has been highly active in information warfare against the West and was behind the NotPetya cyberattack that crippled computers in Ukraine last year.

Two years ago, the GRU penetrated a database containing drug test results and confidential medical data, and posted information about noteworthy US athletes including tennis stars Serena and Venus Williams, four-time gymnastics gold medalist Simone Biles and women’s basketball standout Elena Delle Donne.

That action was widely seen as payback after nearly every member of Russia’s track and field team was banned from the 2016 Olympics. Numerous investigations uncovered a widespread, government-run doping scheme that dated back years.
Russia has a long history of undertaking such “active measures” against the Olympic Games, noted Thomas Rid, a professor of strategic studies at Johns Hopkins University. 

During the 1984 Olympics in Los Angeles, Soviet intelligence released fake Ku Klux Klan leaflets threatening violence against African athletes as part of an effort to embarrass the United States, he said. 

That year, the Soviet Union led a 14-nation boycott of the Games in retaliation for a US boycott of the 1980 Summer Games in Moscow, which was prompted by the Soviets’ 1979 invasion of Afghanistan. 

While “old-school” tactics relied on leaflets among other things, the Internet has provided new tools to spread disinformation. 

In this case, the GRU sought to make it appear as though the intrusions were the work of North Korean hackers by using North Korean IP addresses and other tactics, said the officials. Such deception is common for the GRU.

Washington Post

You Might Also Read: 

Russia Is Providing North Korea With Internet Connectivity:

Just Who Are Russia's Cyber Warriors?:

 

« UK Banks Fall Behind In FinTech
GDPR-Regulated Data Is Lurking In Unexpected Places »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

WEBINAR: 2024 and Beyond: Top Six Cloud Security Trends

WEBINAR: 2024 and Beyond: Top Six Cloud Security Trends

April 4, 2024 | 11:00 AM PT: Join this webinar to find out about six emerging trends dominating the cloud cybersecurity landscape.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

C3IA Solutions

C3IA Solutions

C3IA Solutions is an NCSC-certified Cyber Consultancy providing assured, tailored advice to keep your information secure and data protected.

Malwarebytes

Malwarebytes

Malwarebytes provides artificial intelligence-powered technology that stops cyberattacks before they can compromise computers and endpoints.

Avatu

Avatu

Avatu specialise in providing clients the advice, technology and tools they need to fight cyber and insider threats.

Tinfoil Security

Tinfoil Security

Tinfoil is a simple, developer friendly service that lets you scan your website for vulnerabilities and fix them quickly and easily.

Kenna Security

Kenna Security

Kenna Security is a risk intelligence & vulnerability management platform that helps prioritize and remediate vulnerabilities.

Lares Consulting

Lares Consulting

Lares is a security consulting firm that helps companies secure electronic, physical, intellectual, and financial assets through a unique blend of assessment, testing and coaching.

Cipher Tooth

Cipher Tooth

CipherTooth is a superior system for delivering secure content over the Internet.

The Open Group

The Open Group

The Open Group: Leading the development of open, vendor-neutral IT standards and certifications.

Gulf Computer Services Co (GCSC)

Gulf Computer Services Co (GCSC)

Gulf Computer Services is a major player in the field of networking & Communication solutions for emerging industries such as Internet Services and Information Technology in Saudi Arabia.

Cybersecurity Professionals

Cybersecurity Professionals

Search vacancies from top cyber security jobs worldwide on CyberSecurity Professionals. View IT security jobs or upload your CV to be seen by recruiters from industry leading firms.

Vaadata

Vaadata

Vaadata are experts in ethical hacking. We secure your web, mobile and IoT platforms.

Bitfury Group

Bitfury Group

Bitfury Group is the largest full-service blockchain technology company in the world.

SignalSEC

SignalSEC

SignalSEC provides vulnerability intelligence, malware analysis, penetration testing and associated training services.

MyCena

MyCena

MyCena has developed a complete system of security, control and management for decentralised credentials.

Astrix Security

Astrix Security

Astrix enables security teams to instantly see through the fog of connects and detect redundant, misconfigured and malicious third-party exposure to their critical systems.

Munio

Munio

Munio is a leading Fortified IT Support and Cyber Security companies in the south east of the UK.