Researchers at Kaspersky Lab have revealed that the malware that caused crippling sabotage on networks during this year’s Winter Games in Pyeongchang, South Korea, has returned.
Olympic Destroyer caused digital havoc during the games, and while the activity seen by Kaspersky has not yet turned destructive, early indicators suggest similar activity and point to the same group behind both attacks.
This time, however, the group look to be targeting financial organisations in Russia and, worryingly, biological and chemical threat prevention laboratories throughout Europe and the Ukraine.
Tactics include spearphishing emails that present themselves as coming from a colleague or acquaintance, with a decoy document attached. The emails target specific groups associated with an event, and every document opened triggers a malicious macro that runs multiple scripts in the background, enabling access to the target computer.
Researchers at Kaspersky noted that the lures were “probably prepared with the help of a native [Russian] speaker and not automated translation software,” and that there are ties to the Ukraine, too.
That said, during the Winter Games, Olympic Destroyer planted several false flags that were meant to confuse and misdirect attribution, making it very difficult to determine the group behind the latest attacks.
In its post, Kaspersky concluded: “The best thing we can do as researchers is to keep tracking threats like this. We will keep monitoring Olympic Destroyer and report on new discovered activities of this group.”