News has recently broken that the hacking group detected spreading the malware known as “Olympic Destroyer” is still active and is targeting different threat prevention facilities all over Europe and financial facilities in Russia.
The malware first gained notoriety during the Winter Olympic Games held in Pyeongchang, South Korea. Back then, it was quickly established that the malicious code was part of a cyber-sabotage hack which spreads a destructive worm and most likely targets organizations’ networks in order to conduct reconnaissance and self-replicate while remaining undetected. Security experts have reported the malware to be part of a very well organized operation. But even though the hack was organized, the attackers behind this malware made some pretty serious mistakes, which helped users detect the hack and provide evidence of it.
The Activity and End Goal of Olympic Destroyer
Olympic Destroyer’s goal was to enter organizations, look for digital signatures, and forge these signatures in order to make it seem as if the malware was made by Lazarus APT, a hacking entity believed to be from North Korea. However, security researchers quickly came to the conclusion that the malware may not have been made by Lazarus at all. In addition to this, the malware was linked to several Chinese hackers, as it has code from different threat actors, like the same people who were behind BadRabbit and the famous Netya ransomware viruses.
Furthermore, researchers have concluded that the infection procedure of the new variant of Olympic Destroyer has been made more sophisticated than before, while the infection methods themselves have been optimized and simplified by the attackers. It now uses the following technologies to infect systems and self-propagate:
- VBA code.
*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum authored by Vencislav Krustev. Read the original post at: https://sensorstechforum.com/olympics-2018-malware-hackers-still-infecting-facilities/