How the 2018 Olympic Cyberattack Was Traced To Russian Hackers (wired.com)

Sparrowvsrevolution writes: In a lengthy article, Wired tells a newly detailed narrative of the cyberattack on the 2018 Winter Olympic games, which hit the Olympics network during the opening ceremony. The piece details how the malware used in that attack was designed to incorporate multiple sophisticated false flags, and how forensic analysts overcame those red herrings to eventually trace the attack to a specific unit of Russia's GRU military intelligence agency.
It's a good read. Wired calls it "perhaps the most deceptive hacking operation in history," but they finally get an answer from a 28-year-old former anarchist punk turned security researcher at the Reston, Virginia, office of the security and private intelligence firm FireEye. The tell-tale clue: the malware used "a certain common set of hacking tools called PowerShell Empire." He soon deduced that the source of that signal in the noise was a common tool used to create each one of the booby-trapped documents. It was an open source program, easily found online, called Malicious Macro Generator. Michael Matonis speculated that the hackers had chosen the program in order to blend in with a crowd of other malware authors, but it had ultimately had the opposite effect, setting them apart as a distinct set... When he looked at the command and control servers that the malware connected back to -- the strings that would control the puppetry of any successful infections -- all but a few of the IP addresses of those machines overlapped too...

Matonis began painstakingly checking every IP address his hackers had used as a command and control server in their campaign of malicious Word document phishing; he wanted to see what domains those IP addresses had hosted... At the end of his long chain of internet-address connections, Matonis had found a fingerprint that linked the Olympics attackers back to a hacking operation that directly targeted the 2016 US election. Not only had he solved the whodunit of Olympic Destroyer's origin, he'd gone further, showing that the culprit had been implicated in the most notorious hacking campaign ever to hit the American political system.
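The infrastructure pivot the summary describes, as an added example that is not code from the Wired piece or from Slashdot: cluster phishing documents that share command-and-control addresses, then pivot from those addresses to the domains they once hosted and check for overlap with a separately tracked campaign. Every sample name, address and domain below is constructed (RFC 5737 documentation addresses, example.* domains).

```python
"""Cluster samples by shared C2 IPs, pivot IPs to hosted domains, test overlap
with a known campaign. All data is constructed for this example."""
from collections import defaultdict

# Constructed: sample id -> C2 IPs its macro beaconed to.
SAMPLES = {
    "doc-A": {"192.0.2.10", "192.0.2.11"},
    "doc-B": {"192.0.2.11", "192.0.2.12"},
    "doc-C": {"192.0.2.12"},
    "doc-D": {"198.51.100.7"},  # shares no C2 with the others
}
# Constructed passive-DNS-style history: IP -> domains it hosted at some point.
HOSTED = {
    "192.0.2.10": {"update-check.example.net"},
    "192.0.2.12": {"mail-login.example.org", "cdn.example.org"},
    "198.51.100.7": {"shop.example.com"},
}
# Constructed: domains already attributed to an earlier, separately tracked campaign.
REFERENCE_CAMPAIGN = {"mail-login.example.org", "docs-share.example.net"}


def cluster_by_shared_c2(samples):
    """Connected components over samples, joined whenever they share a C2 IP."""
    parent = {s: s for s in samples}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path compression
            x = parent[x]
        return x

    by_ip = defaultdict(list)
    for sample, ips in samples.items():
        for ip in ips:
            by_ip[ip].append(sample)
    for members in by_ip.values():  # union every sample seen on the same IP
        for other in members[1:]:
            parent[find(other)] = find(members[0])
    groups = defaultdict(set)
    for s in samples:
        groups[find(s)].add(s)
    return sorted(groups.values(), key=min)


def pivot_to_domains(cluster, samples=SAMPLES, hosted=HOSTED):
    """Every domain historically hosted on any C2 IP the cluster used."""
    ips = set().union(*(samples[s] for s in cluster))
    return set().union(*(hosted.get(ip, set()) for ip in ips))


def link_to_reference(cluster, reference=REFERENCE_CAMPAIGN):
    """Domains tying this cluster to the reference campaign (empty set = no link)."""
    return pivot_to_domains(cluster) & reference
```

A single overlapping domain is a lead, not an attribution; the article's point is that such overlaps had to be chained and cross-checked against deliberate false flags before they meant anything.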

  • by Anonymous Coward
    The NSA is just getting better and better at impersonating Russia. Soon they will be almost believable.
  • Russian Hackers? (Score:3, Informative)

    by Anonymous Coward on Sunday October 27, 2019 @07:52AM (#59352138)

    Oh, you mean those friends of Putin, who is the one pulling you-know-who's strings.
    This was just a dry run for the elections in a year's time. Russia wants Trump to get another 4 years.

  • So it was (Score:4, Interesting)

    by AHuxley ( 892839 ) on Sunday October 27, 2019 @08:28AM (#59352230) Journal
    North Korea first for real, then Romanian something, but geopolitical motivations so it had to be Russia?
    But Windows security? Found the "apparent Russian calling cards"?
    But "no clear code matches"...
    Let's keep reading...
    North Korean again ...
    But wait for the Russia did it...
    It's "Chinese government"?
    How much reading until it's Russia, Russia, Russia?
    IP addresses...
    Ukrainian?
    Finally GRU ...
    From an IP range and some Cyrillic?
    Why would the GRU let its code litter be seen/found... ?
    Few people found the GCHQ, CIA, MI6 code litter in the wild...
    yet "GRU" is found "Cyrillic" code litter and IP range in the code?
    The world gets to read about the methods used to track the GRU? In real time? No waiting 30-40 years? For some approved author to mention something about US cyber in a book 40 years later?
    To protect US methods?
    • If GRU actually left "a calling card" then it would be AKSU-74, accidentally dropped and forgotten while they were hacking their servers with a crowbar.
    • by UWM ( 1162951 )
      "Enigmas have no solution. Drawing upon the overall umbrella of events surrounding the crime and the multitude of players and events, paint the entire affair as too complex to solve. This causes those otherwise following the matter to begin to lose interest more quickly without having to address the actual issues."

      https://cryptome.org/2012/07/gent-forum-spies.htm
  • Look at these comments!

    The Putin Propaganda Posse is in full force today. I would recommend everyone make themselves aware of the common methods employed by online actors.

    https://cryptome.org/2012/07/gent-forum-spies.htm
