The 2018 Olympic Games in PyeongChang recently concluded, but not without attempts at disruption from cyberattackers. A major telecom and IT provider was targeted with a multi-pronged campaign to gather credentials, move laterally within networks, and destroy data. It borrows bits of code from previously known campaigns, and was an aggressive effort to spread quickly and cause maximum damage to systems.
Greg Lesnewich is a threat intelligence analyst with Recorded Future’s Insikt Group, and he joins us to provide an overview of the malware campaign named Olympic Destroyer. We’ll get technical details, as well as a sense for why attribution is notoriously difficult in cases like this, and whether or not we’re seeing evidence of a false flag operation.