Pyeongchang Winter Olympics that took place in South Korea was disrupted by cyber attack, which took down most of the systems including ticketing, WI-FI devices, televisions, and media rooms in the stadium during the opening ceremony.
It was identified to be wiper malware named “Olympic Destroyer” that was built with focus on taking down the systems and wiping out the data. “Olympic Destroyer” is weaponized to delete/wipe out all the files, shadow copies and event logs making the system unusable even for recovery.
Similar to Not-Petya and BadRabbit that were surfaced in 2017, “Olympic Destroyer” uses windows features Psexec and WMI for lateral moments and named-pipes as a channel for communication between itself for execution.
Last week one of our sensors has collected the sample and this post is an overview of the analysis been made by BluSapphire.
MD5 Hash: cfdd16225e67471f5ef54cab9b3a5558