[Malware Alert] Olympic Destroyer is still alive, Kaspersky reports

Spawn (Administrator, MalwareTips Staff), post #1
Read full report - Olympic Destroyer is still alive

In March 2018 we published our research on Olympic Destroyer, an advanced threat actor that hit organizers, suppliers and partners of the Winter Olympic Games 2018 held in Pyeongchang, South Korea. Olympic Destroyer was a cyber-sabotage attack based on the spread of a destructive network worm. The sabotage stage was preceded by reconnaissance and infiltration into target networks to select the best launchpad for the self-replicating and self-modifying destructive malware.
"We decided to keep tracking the group and set our virtual ‘nets’ to catch Olympic Destroyer again if it showed up with a similar arsenal. To our surprise it has recently resurfaced with new activity.

In May-June 2018 we discovered new spear-phishing documents that closely resembled weaponized documents used by Olympic Destroyer in the past. This and other TTPs led us to believe that we were looking at the same actor again. However, this time the attacker has new targets. According to our telemetry and the characteristics of the analyzed spear-phishing documents, we believe the attackers behind Olympic Destroyer are now targeting financial organizations in Russia, and biological and chemical threat prevention laboratories in Europe and Ukraine. They continue to use a non-binary executable infection vector and obfuscated scripts to evade detection."


[Figure: Simplified infection procedure]

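The report above describes the lure as a "non-binary executable infection vector" with obfuscated scripts inside spear-phishing documents. As an added example (not code from the Kaspersky report or from this thread), the PowerShell below triages an Office Open XML file for the generic traits of such a lure: an embedded VBA macro container, a DDE field that launches a program on open, references to script hosts, and a Base64 blob after a PowerShell `-EncodedCommand` switch, which it decodes as UTF-16LE the way PowerShell would. The patterns are generic assumptions about document-borne lures, not indicators from the report, and the document it scans is constructed inline for the demo. Real `vbaProject.bin` streams are compressed inside an OLE container, so the example only reports their presence; use olevba to read the actual VBA.

```powershell
# Added example: triage an OOXML document for document-borne script lures.
# Not from the Kaspersky report; patterns are generic, not Olympic Destroyer IoCs.
Add-Type -AssemblyName System.IO.Compression.FileSystem

function Test-SuspiciousOoxml {
    param([Parameter(Mandatory)][string]$Path)

    $findings = [System.Collections.Generic.List[string]]::new()
    $zip = [System.IO.Compression.ZipFile]::OpenRead($Path)
    try {
        foreach ($entry in $zip.Entries) {
            # vbaProject.bin means macros are embedded. Its VBA source sits
            # compressed in an OLE container, so only its presence is reported.
            if ($entry.Name -ieq 'vbaProject.bin') {
                $findings.Add("VBA macro container: $($entry.FullName)")
                continue
            }
            if ($entry.FullName -notmatch '\.(xml|rels)$') { continue }

            $reader = [System.IO.StreamReader]::new($entry.Open())
            try { $text = $reader.ReadToEnd() } finally { $reader.Dispose() }

            # Field codes that launch a program when the document is opened.
            if ($text -match '(?i)<w:instrText[^>]*>\s*DDE(AUTO)?\b') {
                $findings.Add("DDE field launch in $($entry.FullName)")
            }
            # Script hosts named anywhere in the part (fields, OLE links, hyperlinks).
            if ($text -match '(?i)\b(wscript|cscript|mshta|powershell)(\.exe)?\b') {
                $findings.Add("script host reference in $($entry.FullName): $($Matches[0])")
            }
            # Base64 blob after -e/-ec/-enc/-EncodedCommand; PowerShell decodes it as UTF-16LE.
            if ($text -match '(?i)-(encodedcommand|enc|ec|e)\s+([A-Za-z0-9+/]{40,}={0,2})') {
                $blob = $Matches[2]
                try { $decoded = [Text.Encoding]::Unicode.GetString([Convert]::FromBase64String($blob)) }
                catch { $decoded = '<not valid Base64>' }
                $findings.Add("encoded PowerShell in $($entry.FullName): $decoded")
            }
        }
    } finally { $zip.Dispose() }
    return $findings
}

# Constructed sample document (not a real malware sample): a DDEAUTO field that
# hands cmd.exe an encoded PowerShell command, plus a placeholder macro container.
$blob  = [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes('IEX (New-Object Net.WebClient)'))
$field = '<w:instrText>DDEAUTO C:\Windows\System32\cmd.exe "/k powershell.exe -NoP -w hidden -enc ' + $blob + '"</w:instrText>'

$work = Join-Path ([System.IO.Path]::GetTempPath()) ('ooxml-demo-' + [guid]::NewGuid())
New-Item -ItemType Directory -Path (Join-Path $work 'word') -Force | Out-Null
# -LiteralPath: the square brackets in [Content_Types].xml would otherwise be treated as wildcards.
Set-Content -LiteralPath (Join-Path $work '[Content_Types].xml') -Value '<Types/>'
Set-Content -LiteralPath (Join-Path $work 'word\document.xml') -Value "<w:document>$field</w:document>"
Set-Content -LiteralPath (Join-Path $work 'word\vbaProject.bin') -Value 'placeholder: real files are OLE containers'
$docx = "$work.docx"
[System.IO.Compression.ZipFile]::CreateFromDirectory($work, $docx)

Test-SuspiciousOoxml -Path $docx | ForEach-Object { "[!] $_" }

Remove-Item -LiteralPath $work -Recurse -Force
Remove-Item -LiteralPath $docx -Force
```

Run as-is in Windows PowerShell 5.1 or PowerShell 7; it prints one `[!]` line per finding for the constructed file (macro container, DDE field, script host reference, and the decoded `IEX (New-Object Net.WebClient)` payload). Point `Test-SuspiciousOoxml` at a quarantined attachment to triage it; a hit is a reason to detonate or open the file in a sandbox, not proof of malice on its own.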
Slyguy, post #3
Not that I would run Comodo anyway, but in testing, it throttled the heck out of high-speed internet connections. Specifically, it literally cannot handle anything much over 300 Mbps and slices it directly in half in my testing. Never mind 1000/1000. That renders it unusable, regardless of any supposed mythical qualities of it.

Unless they've fixed the horrendously coded FWD in it?
 

davisd, post #10
I wonder how many regular home users outside security forums/blogs disable wscript and PowerShell, uninstall Java if it isn't used, etc., to reduce all those attack vectors? :unsure: It's crazy that people want Windows systems to work out of the box right after install, and then you get blamed for wasting their time "installing something"... because they already have a Chrome icon on the desktop; wtf, drivers, settings, passwords needed for...???!!!
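As an added example (not code from davisd's post, the thread, or the Kaspersky report), the PowerShell below applies and verifies the host hardening the post lists, which is exactly what takes the interpreters away from a script-based, non-binary lure like the one the report describes. It assumes an elevated Windows PowerShell session on Windows 10. The Windows Script Host `Enabled` value, the `ScriptBlockLogging` policy key and the `MicrosoftWindowsPowerShellV2Root` optional-feature name are the documented ones; matching installed Java by a `DisplayName` that starts with "Java" is an assumption about how the vendor registers its packages, and `assoc` only rewrites the machine-wide HKCR handler, so a per-user choice under `HKCU\...\Explorer\FileExts` can still override it.

```powershell
# Added example: apply and verify basic script-interpreter hardening on Windows 10.
# Run from an elevated Windows PowerShell. Not from the forum thread or the report.

function Disable-WindowsScriptHost {
    # Enabled = 0 under this key makes wscript.exe/cscript.exe refuse to run
    # scripts machine-wide (the same value under HKCU:\ applies per user).
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings'
    if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -LiteralPath $key -Name Enabled -PropertyType DWord -Value 0 -Force | Out-Null
}

function Test-WindowsScriptHostDisabled {
    $v = Get-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings' `
                          -Name Enabled -ErrorAction SilentlyContinue
    return ($null -ne $v -and $v.Enabled -eq 0)
}

function Set-ScriptExtensionsToNotepad {
    # Double-clicking these extensions then opens Notepad instead of executing.
    # assoc writes HKCR, so this needs elevation; HKCU FileExts choices can override it.
    foreach ($ext in '.js', '.jse', '.vbs', '.vbe', '.wsf', '.wsh', '.hta') {
        cmd.exe /c "assoc $ext=txtfile" | Out-Null
    }
}

function Enable-ScriptBlockLogging {
    # Records the content of every executed script block (including de-obfuscated
    # stages) as event ID 4104 in Microsoft-Windows-PowerShell/Operational.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
    if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -LiteralPath $key -Name EnableScriptBlockLogging -PropertyType DWord -Value 1 -Force | Out-Null
}

function Remove-PowerShellV2 {
    # PowerShell 2.0 has no script block logging or AMSI, so loaders downgrade to it
    # with "powershell -Version 2". Removing the optional feature closes that path.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName MicrosoftWindowsPowerShellV2Root
    if ($feature.State -eq 'Enabled') {
        Disable-WindowsOptionalFeature -Online -FeatureName MicrosoftWindowsPowerShellV2Root -NoRestart | Out-Null
    }
}

function Get-InstalledJava {
    # Lists Java runtimes from the uninstall registry (64-bit and 32-bit views).
    # Matching on a "Java*" DisplayName is an assumption about the vendor's package names.
    $roots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $roots -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Java*' } |
        Select-Object DisplayName, DisplayVersion, UninstallString
}

Disable-WindowsScriptHost
Set-ScriptExtensionsToNotepad
Enable-ScriptBlockLogging
Remove-PowerShellV2
"Windows Script Host disabled: $(Test-WindowsScriptHostDisabled)"
"Installed Java runtimes (uninstall the ones you do not need):"
Get-InstalledJava | Format-Table -AutoSize
```

After running it, `wscript.exe` reports that Windows Script Host access is disabled on this machine, and the 4104 events give you the de-obfuscated content of any PowerShell stage that still runs. Disabling WSH breaks legitimate logon scripts and some installers, so test it on one machine before pushing it through Group Policy.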