The Pyeongchang Winter Olympics organizing committee confirmed on Sunday that a malware attack was responsible for disruptions to the Olympics’ network before and during opening ceremonies on Friday. Just before the opening ceremony, the official website for the Winter Games went down, leaving attendees unable to print tickets for events or get venue information. The site wasn’t restored until 8am Saturday morning. Multiple networks went down, including the Wi-Fi network in the stadium and the network in the Olympic press center.
The cause was an apparent “wiper” malware attack that had spread throughout the Pyeongchang Games’ official network using stolen credentials. The network was not fully restored until 8am local time on Saturday, a full 12 hours after the attack began, The Guardian reported.
In a blog post today, Cisco Talos Intelligence researchers Warren Mercer and Paul Rascagneres revealed that Talos had identified (“with medium confidence”) some of the malware used in the attack. It has not been determined how the malware was introduced into the network, but the binaries examined by Talos showed the attacker had intimate knowledge of the Pyeongchang network’s systems.