Malware News Olympic Destroyer is still alive, Kaspersky reports

Ink

Read full report - Olympic Destroyer is still alive

In March 2018 we published our research on Olympic Destroyer, an advanced threat actor that hit organizers, suppliers and partners of the Winter Olympic Games 2018 held in Pyeongchang, South Korea. Olympic Destroyer was a cyber-sabotage attack based on the spread of a destructive network worm. The sabotage stage was preceded by reconnaissance and infiltration into target networks to select the best launchpad for the self-replicating and self-modifying destructive malware.
"We decided to keep tracking the group and set our virtual ‘nets’ to catch Olympic Destroyer again if it showed up with a similar arsenal. To our surprise it has recently resurfaced with new activity.

In May-June 2018 we discovered new spear-phishing documents that closely resembled weaponized documents used by Olympic Destroyer in the past. This and other TTPs led us to believe that we were looking at the same actor again. However, this time the attacker has new targets. According to our telemetry and the characteristics of the analyzed spear-phishing documents, we believe the attackers behind Olympic Destroyer are now targeting financial organizations in Russia, and biological and chemical threat prevention laboratories in Europe and Ukraine. They continue to use a non-binary executable infection vector and obfuscated scripts to evade detection."


[Figure: Simplified infection procedure]

ForgottenSeer 58943

Not that I would run Comodo anyway, but in testing, it throttled the heck out of high-speed internet connections. Specifically, it literally cannot handle anything much over 300Mbps and slices it directly in half in my testing. Never mind 1000/1000. That renders it unusable, regardless of any supposed mythical qualities of it.

Unless they've fixed the horrendously coded FWD in it?

Deleted Member 3a5v73x

I wonder how many regular home users outside security forums/blogs disable wscript, PowerShell, uninstall Java if not used, etc., to reduce all those attack vectors? It's crazy that people want Windows systems to work out of the box right after install, and then you get blamed that you waste their time "installing something" .. because they already have the Chrome icon on the desktop, wtf drivers, settings, passwords needed for...???!!!
