Malware News Olympic Destroyer is still alive, Kaspersky reports

[Ink]

Content source

https://securelist.com/olympic-destroyer-is-still-alive/86169/

Read full report - Olympic Destroyer is still alive

In March 2018 we published our research on Olympic Destroyer, an advanced threat actor that hit organizers, suppliers and partners of the Winter Olympic Games 2018 held in Pyeongchang, South Korea. Olympic Destroyer was a cyber-sabotage attack based on the spread of a destructive network worm. The sabotage stage was preceded by reconnaissance and infiltration into target networks to select the best launchpad for the self-replicating and self-modifying destructive malware.

"We decided to keep tracking the group and set our virtual ‘nets’ to catch Olympic Destroyer again if it showed up with a similar arsenal. To our surprise it has recently resurfaced with new activity.

In May-June 2018 we discovered new spear-phishing documents that closely resembled weaponized documents used by Olympic Destroyer in the past. This and other TTPs led us to believe that we were looking at the same actor again. However, this time the attacker has new targets. According to our telemetry and the characteristics of the analyzed spear-phishing documents, we believe the attackers behind Olympic Destroyer are now targeting financial organizations in Russia, and biological and chemical threat prevention laboratories in Europe and Ukraine. They continue to use a non-binary executable infection vector and obfuscated scripts to evade detection."

Simplified infection procedure​

 

[cruelsister]

Oh Lord, please KMN! If one uses a Security Product that actually works one need not worry about such crap:

 

[ForgottenSeer 58943]

Not that I would run Comodo anyway, but in testing, it throttled the heck out of highspeed internet connections. Specifically, it literally cannot handle anything much over 300Mbps and slices it directly in half on my testing. Never mind 1000/1000. That renders it unusable, regardless of any supposed mythical qualities of it.

Unless they've fixed the horrendously coded FWD in it?

 

[cruelsister]

That's curious- my Inet speed Rocks with or without Comodo. Maybe that's just me...

 

[mamamia]

Is Olympic Destroyer detected by Kaspersky?.

 

[cruelsister]

The original, Yes. A morph by Ophelia- No.

 

[SumTingWong]

Comodo Firewall is too advanced for me.

 

[cruelsister]

Sum- Not at all; it is the easiest thing to use. Set it as I suggest (30 seconds), then relax for the rest of your life.

 

[SumTingWong]

Sum- Not at all; it is the easiest thing to use. Set it as I suggest (30 seconds), then relax for the rest of your life.

Ehhh.....I don't know. I am not 100% paranoid, so I think I will stick with Windows Firewall.

 

[Deleted Member 3a5v73x]

I wonder how many regular home users outside security forums/blogs, disable wscript, powershell, uninstall java if not used, etc, to reduce all those attack vectors? It's crazy that people want Windows systems to work out of the box right after install, and then you get blamed that you waste their time "instaling something" .. because they already have Chrome icon on desktop, wtf drivers, settings, passwords needed for...???!!!