Malware designed to wipe computer systems may be behind a cyber attack that briefly disrupted the 2018 Winter Olympics on Friday.
As The Guardian reports, the Olympic stadium’s Wi-Fi and the PyeongChang 2018 website went offline right before the opening ceremony, preventing customers from printing out tickets, among other things.
On Sunday, Olympic organizers blamed a cyber attack, but declined to elaborate. However, security researchers at Cisco’s Talos group identified the possible culprit: a strain of Windows malware they’ve dubbed “Olympic Destroyer.”
“The malware author knew a lot of technical details of the Olympic Game infrastructure such as username, domain name, server name and obviously password. We identified 44 individual accounts in the binary,” Cisco Talos said in a Monday blog post.
Once it infects a machine, the malware tries to harvest additional passwords from it in an effort to spread to other protected systems on the network. It then proceeds to brick the machine.
The malware does so by first deleting the backup copies of the Windows system state, preventing file recovery. It then modifies the machine’s configuration, disabling the boot-up processes, before finally shutting the computer down.
“The sole purpose of this malware is to perform destruction of the host and leave the computer system offline,” the researchers said.
So far, it isn’t clear how the malware—a Windows file—is delivered to computers. Cisco Talos noticed the malware over the weekend when a sample was uploaded to VirusTotal, an online library for malware. The team then corroborated its findings with data taken from the company’s security products.
It also isn’t known who was behind the attack, but the malicious code is similar to two ransomware attacks from last year called BadRabbit and NotPetya. All three use the same communication channel technique to execute the infection process, Cisco Talos said. Both of those earlier strains affected PCs in Ukraine; authorities there blamed Russian state-sponsored hackers.
In 2016, suspected Russian hackers also targeted the World Anti-Doping Agency, and leaked medical files from US Olympians.
Russia has denied any involvement with state-sponsored hacking. Last week, the Kremlin went as far as to predict that Western media would blame the country for any cyber attacks that disrupted the Olympic Games. Russia itself has been banned from this year’s Olympics over doping allegations.