SWITCH TO LIGHT MODE
© 2020 AO Kaspersky Lab. All Rights Reserved.
We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information. If you reject, you will be taken back to the site you came from.
OUR ORIGINAL SERIES
Latest stories of our network
© 2020 AO Kaspersky Lab. All Rights Reserved.
Sign up for the best news in technology
Newsletter
To receive information about new articles and services of tomorrowunlocked.com I know that I may withdraw my consent at any time. More information in the privacy policy.
The final instalment of our series hacker:HUNTER Olympic Destroyer examines how Pyeongchang winter Olympics hackers put smokescreen to misdirect cybersecurity analysts. But through the fog, analysts realized the culprit wasn't who you might expect.
“Like placing someone else’s fingerprints at the crime scene.”
<p>If successful, the 2018 Pyeongchang cyberattack could have cost billions of dollars, leaving a canceled Olympics and a geopolitical disaster in its wake. Their deceptive methods meant the cybercriminals nearly got away with it. Why did they want to point the analysts at another group? And who was behind it all?</p>Threat attribution – what is it?
<p>Cybercriminals don't leave a calling card, but they do leave evidence. The art of finding and using that evidence to find the culprit is known as threat attribution.</p><p>Threat attribution is forensic analysis for <a href="https://www.tomorrowunlocked.com/pyeongchang-olympics-malware-cyberattack" target="_blank">advanced persistent threats (APTs)</a>. It analyzes the attackers' 'fingerprints,' such as the style of their code, where they attack and what kinds of organizations they target. Attacks can be matched with the fingerprints of other attacks attributed to specific groups.</p>Cybercriminals carry special ‘fingerprints’
<p>Hackers have their own set of tactics, techniques and procedures. Cybersecurity experts can identify threat actors by studying these elements.</p><p>In February 2016, <a href="https://media.kaspersky.com/en/business-security/enterprise/threat-attribution-engine-whitepaper.pdf" target="_blank">hackers attempted to steal $851 million US dollars and siphoned $81 million US dollars from the Central Bank of Bangladesh</a>. The attack was linked to notorious cyber espionage and sabotage group <a href="https://en.wikipedia.org/wiki/Lazarus_Group" target="_blank" rel="noopener noreferrer">Lazarus Group</a>. Lazarus attacks casinos, financial institutions, and investment and cryptocurrency software developers.</p><p><a href="https://www.kaspersky.com/cyber-crime-lazarus-swift" target="_blank" rel="noopener noreferrer">Lazarus has certain targets and ways of attacking</a>: Infecting a website employees of a targeted organization often visit or finding a vulnerability in one of their servers. These are the 'fingerprints' used in threat attribution. </p>Finding a needle within in a needle in a haystack
<p>Crucially, Lazarus Group is long thought to be linked to North Korea. Olympic Destroyer included a piece of Lazarus's malware code, but the type of attack didn't fit. Its fingerprints better matched a cluster of attacks by another group with a very different agenda.</p><p>Watch the full video to see if you knew who the hacker was all along.</p><p>This APT might not have worked, but over the years, others have. To see what a successful APT looks like, watch <a href="https://www.youtube.com/watch?v=9Vh2n6nC0t4&ab_channel=Kaspersky" target="_blank">Chasing Lazarus: A hunt for the infamous hackers to prevent big bank heists</a>.</p>From Your Site Articles
- Tomorrow Unlocked > hacker : HUNTER ›
- Tomorrow Unlocked > Unravelling the 2018 Pyeongchang Olympic ... ›
Related Articles Around the Web
Read More
Read Less
Security researchers described the code used to attack the 2018 Pyeongchang winter Olympics as 'Frankenstein-like.' In part two of our video series, hacker:HUNTER Olympic Destroyer, they explain how the malware was designed to point in multiple directions.
Who would dare to hack the Olympics?
<p>The designer of an extraordinary piece of code lodged it in a system where it remained undetected for months. Part two of hacker:HUNTER Olympic Destroyer explores the nature of the attack, its process and why 'Frankenstein-like' code made it one of the most mysterious advanced persistent threat (APT) attacks in history.</p><p>Olympic Destroyer was the perfect example of an APT. What are they, and why are they so harmful?</p>APTs attack over time
<p>APTs are sophisticated hacks that often wait for the perfect time to strike to create maximum damage. They lodge themselves in a system and steal critical data over weeks, months or years. Those behind these attacks build complex software for intentional damage – from espionage and sabotage to data theft.</p>Highly organized groups use APTs
<p>APTs are notoriously associated with highly organized groups. They attack high-status targets like countries or large corporations, notably in manufacturing and finance, aiming to compromise high-value information like intellectual property, military plans and sensitive user data.</p><p>Their high-profile targets will have secure networks and defenses, so threats must stay undetected as long as possible. The longer the attack goes on, the more time attackers have to map the system and plan to steal what they want.</p><p>Motives behind attacks vary, from harvesting intellectual property to gaining advantage in an industry, to stealing data for use in fraud. One thing is clear: APTs cause severe damage.</p>The ‘perfect’ APT
<p>Olympic Destroyer was the perfect APT. A highly-organized group attacked a national Olympic committee, and it worked.</p><p>The 'confusion bomb' had been undetected in the computer system for four months, biding its time to strike. Being in the system gave them time to find weak spots and pain points to make the attack more devastating. When it finally surfaced, all hell broke loose.</p>Crippling the whole IT system
<p>By directly attacking the Olympics' data centers in Seoul, South Korea, Olympic Destroyer cut employees' access to network computers. Because Wi-Fi was out, Olympic building security gates stopped working, coverage stopped, and the whole infrastructure went offline. The Pyeongchang IT team was staring down the barrel of a potential geopolitical disaster.<br><br>Stay tuned for episode three, where we unravel the IT team's ingenious response and find out who did it. Any guesses? Go to <a href="https://www.tomorrowunlocked.com/guardians/hacker_hunter/" target="_self">hacker:HUNTER</a> to stay up to speed.</p>From Your Site Articles
Related Articles Around the Web
Read More
Read Less
Five digital defenders, one goal: Protecting us every day
The Defenders of Digital video series profiles tech experts who guard the digital world. We'll soon launch season two, but for now, these are the five people whose stories started it all. They're critical to our future: they make our digital world safe, free, open and functional. Who are they, and what motivates them?
Episode 1: Eva Galperin returns victims’ privacy
<span style="display:block;position:relative;padding-top:56.25%;" class="rm-shortcode" data-rm-shortcode-id="eb32b42b1a5fd7123605a2440fb90591"><iframe lazy-loadable="true" src="https://www.youtube.com/embed/_xqEldPA_xA?rel=0" width="100%" height="auto" frameborder="0" scrolling="no" style="position:absolute;top:0;left:0;width:100%;height:100%;"></iframe></span><p>Eva Galperin was outraged by a hacker who abused women then threatened to compromise their devices if they spoke out. She has since become the most powerful voice in the fight against stalkerware, and in doing so, helped thousands of victims get their privacy back.</p>Episode 2: Einar Otto Stangvik identifies photo thieves
<span style="display:block;position:relative;padding-top:56.25%;" class="rm-shortcode" data-rm-shortcode-id="57c89b3ed713fa8b300a5ea219fff816"><iframe lazy-loadable="true" src="https://www.youtube.com/embed/PQsBiXnuiho?rel=0" width="100%" height="auto" frameborder="0" scrolling="no" style="position:absolute;top:0;left:0;width:100%;height:100%;"></iframe></span><p>Security specialist Einar Otto Stangvik wanted to use his programming skills to do more than make money. He developed software to identify hackers stealing and sharing private photos from iCloud backups. One hacker turned out to be a prominent public figure.</p><p>Now Stangvik is onto an even more ambitious project that will help vulnerable children.</p>Episode 3: Salvi Pascual uncensors the internet for Cubans
<span style="display:block;position:relative;padding-top:56.25%;" class="rm-shortcode" data-rm-shortcode-id="2f5d671b7f1cfa100f662786ac1a04b7"><iframe lazy-loadable="true" src="https://www.youtube.com/embed/dFiTmDMCaiA?rel=0" width="100%" height="auto" frameborder="0" scrolling="no" style="position:absolute;top:0;left:0;width:100%;height:100%;"></iframe></span><p>Salvi Pascual knows the heavily censored Cuban media and internet well. When he moved to the US, friends started asking him to send them online content they wanted. It turned into a business, but getting around government controls had Pascual's team always on their toes. Soon, they'd developed a solution that's uncensored the internet for thousands of Cubans.</p>Episode 4: Giorgio Patrini finds fakes for humanity
<span style="display:block;position:relative;padding-top:56.25%;" class="rm-shortcode" data-rm-shortcode-id="5f5330b8c32b927b8a1d2f6ed8863c74"><iframe lazy-loadable="true" src="https://www.youtube.com/embed/EBBMT_DvjqI?rel=0" width="100%" height="auto" frameborder="0" scrolling="no" style="position:absolute;top:0;left:0;width:100%;height:100%;"></iframe></span><p>Giorgio Patrini is fighting back against the constant threat of fake news.</p><p>'Deepfakes' is the disturbing phenomenon of videos or audio that use AI-based algorithms to substitute one person for another. Nearly indistinguishable from the real thing, they're used to harass, blackmail and commit fraud. But Patrini knew when technology creates a problem, it can also create a solution.</p>Episode 5: Kira Rakova gives us back privacy control
<span style="display:block;position:relative;padding-top:56.25%;" class="rm-shortcode" data-rm-shortcode-id="9e63c6a736a50e6a6260f74515711b47"><iframe lazy-loadable="true" src="https://www.youtube.com/embed/sxJ8S4fOpBU?rel=0" width="100%" height="auto" frameborder="0" scrolling="no" style="position:absolute;top:0;left:0;width:100%;height:100%;"></iframe></span><p>Kira Rakova believes our digital footprint is like a private journal. A breach of private online information is like publishing someone's diary without their consent. While there is increasing concern over personal data being used to manipulate and defraud, not everyone understands the risks and what they can do about them.</p><p>That's where Rakova and her team come in. They use privacy auditing to help people regain control of their data.</p>Watch out for Defenders of Digital series two
<p>You've seen the first series of Defenders of Digital. Soon, we'll bring you a new series with changemakers from around the globe.</p><p>Subscribe to <a href="https://www.youtube.com/tomorrowunlocked" target="_blank">Tomorrow Unlocked on YouTube</a> for the latest episodes. </p>From Your Site Articles
Related Articles Around the Web
Read More
Read Less