Before the Winter Olympics even began this year, the IT department was already having some issues. The internal Wi-Fi and the television systems that were going to be used by journalists were not responding. On Friday, they shrugged it off and said nothing, but on Sunday they had to admit that they had in fact been hacked. Even then it was unclear what the motive was or what exactly the attackers did, but as the days pass we are getting more information.
The details are a bit sketchy, but this is the information we have gathered so far. This malware doesn't seem to have espionage or ransom as its motive (although nothing is written in stone), and as of now none of the experts have been able to find any sign of information being taken. The malware, which they are calling Olympic Destroyer, seems to be interested only in infecting computers and then deleting critical files once inside to make the PC inoperable. This makes it data wiper malware; however, this is the first time they have seen malware that mutates each time it infects another computer.
This malware grabs the list of credentials from one computer and then generates a new binary for itself. Each time it attacks and grabs credentials, it updates the list of credentials hard-coded within itself. Another thing the experts were able to find out is how the attackers initially got into the network. It seems that this group used EternalRomance, which was among the tools the hacker group Shadow Brokers stole from the NSA.
How an attack is carried out and what type of attack is chosen can go a long way toward determining who might actually have done it. No data seems to have been stolen and no computers have been held for ransom, so the list of usual suspects grows smaller. As of now, everything is pointing towards Russian hackers, as payback for banning Russia from the Olympics.