How the 2018 Winter Olympics cyberattack was tracked down to Russian hackers

The host’s computer system was hacked during the opening ceremony of the 2018 Winter Olympics in Pyeongchang, South Korea. The cyberattack damaged the Winter Olympics website, broadcasting system and venue system, and many attendees were unable to print e-tickets for the opening ceremony, resulting in a large number of empty seats.

Russia has been banned from the Winter Olympics because of a doping scandal, though the IOC has allowed Russian athletes to compete in their personal capacity. U.S. intelligence officials believe Russian hackers were behind the attack. Wired published a lengthy article revealing how the Winter Olympics cyberattack was tracked down to Russian hackers.


The prime suspect in any cyberattack in South Korea is usually North Korea. But at a time when North Korea is showing a friendly attitude, and Kim Jong-un has even sent his sister as a diplomatic ambassador to the Winter Olympics, why should North Korea undermine the atmosphere? The other suspect is Russia, which clearly has good reason to launch a cyberattack. But what about the evidence?

While analyzing a Word document embedded with a malicious program, Michael Matonis, a security researcher employed by FireEye, noticed that the attacker had used an open source program called PowerShell Empire to create the document. Using similar documents, he found fingerprints left by the attackers that linked the 2016 U.S. election hacking and the 2017 attacks on different LGBT groups in Ukraine all the way to a division of the Russian military intelligence agency, the GRU.