October 27, 2019 11:34 am

How the 2018 Olympic Cyberattack Was Traced To Russian Hackers

Sparrowvsrevolution writes: In a lengthy article, Wired tells a newly detailed narrative of the cyberattack on the 2018 Winter Olympic games, which hit the Olympics network during the opening ceremony. The piece details how the malware used in that attack was designed to incorporate multiple sophisticated false flags, and how forensic analysts overcame those red herrings to eventually trace the attack to a specific unit of Russia's GRU military intelligence agency. It's a good read.

Wired calls it "perhaps the most deceptive hacking operation in history," but they finally get an answer from a 28-year-old former anarchist punk turned security researcher at the Reston, Virginia, office of the security and private intelligence firm FireEye. The tell-tale clue: the malware used "a certain common set of hacking tools called PowerShell Empire."

He soon deduced that the source of that signal in the noise was a common tool used to create each one of the booby-trapped documents. It was an open source program, easily found online, called Malicious Macro Generator. Michael Matonis speculated that the hackers had chosen the program in order to blend in with a crowd of other malware authors, but it had ultimately had the opposite effect, setting them apart as a distinct set... When he looked at the command and control servers that the malware connected back to -- the strings that would control the puppetry of any successful infections -- all but a few of the IP addresses of those machines overlapped too... Matonis began painstakingly checking every IP address his hackers had used as a command and control server in their campaign of malicious Word document phishing; he wanted to see what domains those IP addresses had hosted... At the end of his long chain of internet-address connections, Matonis had found a fingerprint that linked the Olympics attackers back to a hacking operation that directly targeted the 2016 US election.
Not only had he solved the whodunit of Olympic Destroyer's origin, he'd gone further, showing that the culprit had been implicated in the most notorious hacking campaign ever to hit the American political system.

Read more of this story at Slashdot.


Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/-lkjB8rpW7E/how-the-2018-olympic-cyberattack-was-traced-to-russian-hackers
