
Olympic Destroyer malware falsely attributed to North Korea

(Image credit: JMiks / Shutterstock)

The Olympic Destroyer malware was falsely attributed to North Korean hackers, cybersecurity experts have claimed.

Researchers from Kaspersky Lab have said that the malware, which temporarily paralysed systems just before the opening ceremony of the 2018 Winter Olympics in Pyeongchang, had been analysed multiple times, with all conclusions pointing to the Lazarus group.

This is an infamous group which has been linked with a number of high-profile and highly damaging cyberattacks in the past couple of years.

However, cybersecurity experts from Kaspersky Lab say that the Olympic Destroyer malware was carefully designed to look as if it had been created by Lazarus when, in fact, it was not.

“To our knowledge, the evidence we were able to find was not previously used for attribution. Yet the attackers decided to use it, predicting that someone would find it. They counted on the fact that forgery of this artefact is very hard to prove," said Vitaly Kamluk, head of the APAC research team at Kaspersky Lab.

"It’s as if a criminal had stolen someone else’s DNA and left it at a crime scene instead of their own. We discovered and proved that the DNA found on the crime scene was dropped there on purpose. All this demonstrates how much effort attackers are ready to spend in order to stay unidentified for as long as possible. We’ve always said that attribution in cyberspace is very hard as lots of things can be faked, and Olympic Destroyer is a pretty precise illustration of this."

“Another takeaway from this story for us is that attribution has to be taken extremely seriously. Given how politicised cyberspace has recently become, the wrong attribution could lead to severe consequences and actors may start trying to manipulate the opinion of the security community in order to influence the geopolitical agenda,” he added.

The Olympic Destroyer malware shut down monitors, killed Wi-Fi networks and disabled the website so that visitors couldn’t print their tickets. It was removed before the Winter Olympics kicked off.
