Olympic Destroyer is a malicious application that was aimed at the Winter Olympic Games organizers and partners. Apparently, the event’s partners who were affected by this Trojan contacted cybersecurity specialists just a few days after the opening ceremony. Specialists revealed that the malware is a self-propagating infection capable of stealing sensitive information. No doubt, such a threat could have made things difficult for the Olympics’ organizers, so it is fortunate that they were able to get help from specialists early on. If you want to know more about Olympic Destroyer, for example, how it might have been distributed or how it worked on infected devices, we invite you to read the rest of this article.
It seems Olympic Destroyer’s developers used spear-phishing attacks to reach their targets. Spear-phishing is an email attack aimed at a specific person, organization, or business. It could be carried out with the intent of tricking a victim into revealing sensitive information or opening a malicious file that would install malware on the targeted computer. Usually, spear-phishing emails seem to come from a reliable source. Often, the email might even look like it comes from the same company and from someone the recipient knows personally.
Moreover, researchers believe Olympic Destroyer might have been distributed through infected Microsoft Word documents. It is thought these emails could have contained text made up of what looked like random characters. Unsuspecting victims might have thought the text in such documents was unreadable because of some error. However, specialists believe that if they clicked the provided Enable Content button, they might have unknowingly executed malicious .exe files that installed backdoors on the system and allowed Olympic Destroyer to get in.
Despite being detected early on, Olympic Destroyer managed to cause some trouble for the Winter Olympic Games organizers before they contacted cybersecurity specialists. It would seem the hackers behind this Trojan were able to shut down display monitors, disable Wi-Fi, and even take down the Olympic website. However, the organizers did not wait long to contact cybersecurity specialists, and as a result, many similar attempts to disrupt the work of the event’s organizers were stopped in time.
After taking a closer look at Olympic Destroyer, specialists found out that it has worm capabilities: it spreads from one computer to another connected to the same network. Apparently, while doing so, the malware was collecting various login credentials, which might have made it easier for it to spread. Also, it appears the malicious application not only collected data but also destroyed files located on infected systems. As if that were not enough, it appears the threat also managed to erase shadow copies, reset backups, and even disable recovery tools. All of it might have been done to disrupt the work of the Olympic organizers and their partners.
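The combination described above (shadow copies, backups and recovery tools all hit on one machine) is something defenders can watch for in process-creation logs. The following is an added example, not code from the article or from any analysis of the malware; the log format, host names and command patterns are assumptions based on standard Windows utilities, since the article does not list the commands that were run.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed patterns: standard Windows utilities that can remove restore points.
# The article does not say which commands the malware actually ran.
PATTERNS = {
    "shadow_copies": re.compile(
        r"\bvssadmin(\.exe)?\s.*\bdelete\s+shadows\b"
        r"|\bwmic(\.exe)?\s.*\bshadowcopy\b.*\bdelete\b", re.I),
    "backup_catalog": re.compile(
        r"\bwbadmin(\.exe)?\s.*\bdelete\s+(catalog|systemstatebackup)\b", re.I),
    "recovery_tools": re.compile(
        r"\bbcdedit(\.exe)?\s.*\b(recoveryenabled\s+no"
        r"|bootstatuspolicy\s+ignoreallfailures)\b", re.I),
}

# Constructed sample events in an assumed "timestamp|host|command line" format.
SAMPLE_LOG = """\
2024-01-15T10:02:41|WS-014|vssadmin.exe delete shadows /all /quiet
2024-01-15T10:02:43|WS-014|wbadmin.exe delete catalog -quiet
2024-01-15T10:02:44|WS-014|bcdedit.exe /set {default} recoveryenabled no
2024-01-15T10:05:00|SRV-BKP|vssadmin.exe list shadows
2024-01-15T12:30:00|SRV-BKP|wbadmin.exe delete catalog -quiet
"""

def parse(log):
    for line in log.strip().splitlines():
        ts, host, cmd = line.split("|", 2)
        yield datetime.fromisoformat(ts), host, cmd

def classify(cmd):
    return [name for name, rx in PATTERNS.items() if rx.search(cmd)]

def find_bursts(log, window=timedelta(minutes=5), min_kinds=2):
    # Alert on hosts where >= min_kinds distinct recovery targets are hit within window.
    hits = defaultdict(list)
    for ts, host, cmd in parse(log):
        for kind in classify(cmd):
            hits[host].append((ts, kind))
    alerts = {}
    for host, events in hits.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            kinds = {k for t, k in events[i:] if t - start <= window}
            if len(kinds) >= min_kinds:
                alerts[host] = sorted(kinds)
                break
    return alerts
```

Calling `find_bursts(SAMPLE_LOG)` flags only WS-014: a single backup-catalog deletion on SRV-BKP can be routine administration, while several recovery mechanisms removed within minutes on one host is the pattern worth an alert.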
In truth, it is said that Olympic Destroyer could have done much more damage, but for some reason, its creators chose not to. Researchers guess that they might have only wanted to test the threat without drawing too much attention. Either way, knowing there will probably be more vicious threats like it in the future, it is vital to learn how to avoid them. No doubt, in this case, it might have helped if employees had known how to recognize spear-phishing attacks.
Also, we would like to remind you that regular home users are often targeted with phishing attacks. Thus, to protect yourself, you have to be careful about whom you give your email address to, as well as careful with all emails that come from unknown senders or land in your Spam folder. If you want to see whether you would be able to recognize phishing emails, we recommend trying Google's Phishing Quiz. Plus, it might be easier to keep your system safe if you employ a reliable security tool. It can help you check suspicious files received or downloaded from the Internet, as well as warn you about various threats.