
Olympic Destroyer malware falsely attributed to North Korea

(Image credit: JMiks / Shutterstock)

The Olympic Destroyer malware was falsely attributed to North Korean hackers, cybersecurity experts have claimed.

Researchers from Kaspersky Lab have said that the malware, which temporarily paralysed systems just before the opening ceremony of the 2018 Winter Olympics in Pyeongchang, has been analysed multiple times, and all conclusions have pointed to the Lazarus group.

This is an infamous group which has been linked with a number of high-profile and highly damaging cyberattacks in the past couple of years.

However, cybersecurity experts from Kaspersky Lab say that the Olympic Destroyer malware was carefully designed to look as if it had been created by Lazarus when, in fact, it was not.

“To our knowledge, the evidence we were able to find was not previously used for attribution. Yet the attackers decided to use it, predicting that someone would find it. They counted on the fact that forgery of this artefact is very hard to prove,” said Vitaly Kamluk, head of APAC research team, Kaspersky Lab.

“It’s as if a criminal had stolen someone else’s DNA and left it at a crime scene instead of their own. We discovered and proved that the DNA found on the crime scene was dropped there on purpose. All this demonstrates how much effort attackers are ready to spend in order to stay unidentified for as long as possible. We’ve always said that attribution in cyberspace is very hard as lots of things can be faked, and Olympic Destroyer is a pretty precise illustration of this.”

“Another takeaway from this story for us is that attribution has to be taken extremely seriously. Given how politicised cyberspace has recently become, the wrong attribution could lead to severe consequences and actors may start trying to manipulate the opinion of the security community in order to influence the geopolitical agenda,” he added.

The Olympic Destroyer malware shut down monitors, killed Wi-Fi networks and disabled the website so that visitors couldn’t print their tickets. It was removed before the Winter Olympics kicked off.


Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years' experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. His work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.