Atos, a French company that is an IT partner of the IOC (International Olympic Committee), was hacked right before the opening ceremony of the Pyeongchang Winter Olympics, and the breach may be related to the cyber attack that occurred on the opening day. Atos provides cloud infrastructure for the Pyeongchang Winter Olympics.
CyberScoop reported that Atos' network was penetrated last December. The Pyeongchang Winter Olympics is the world's first cloud computing Olympics. Although past Olympics mostly established their IDC (Internet Data Center) in the host city, Atos has been operating its IDC, which centers on match results, from the Netherlands. IDCs in South Korea and in other countries are connected through their own dedicated lines. The IDCs in South Korea are responsible for game operation, and the IDCs in foreign countries are responsible for services that deliver event results.
As evidence, CyberScoop presented information that appeared on the global malware analysis service VirusTotal. The initial sample of the malware called Olympic Destroyer, which was found on the 9th of February, was uploaded to VirusTotal from France and Romania. Atos has its headquarters in France, and its security team is stationed in Romania. The sample of Olympic Destroyer that was uploaded to VirusTotal included a user credential of an Atos employee.
CyberScoop was not sure how the hackers were able to illegally obtain so much Olympics-related information, but it believed that they penetrated the supply chain of major IT businesses and carried out reconnaissance. Hackers usually break into the weakest part of a supply chain in order to penetrate a main target.

<Homepage of Atos>

Olympic Destroyer works as a worm that spreads on its own, and it automates the search for user accounts to steal before accessing a different system. The hackers spread the malware effectively within a limited environment. CyberScoop explained that malware that destroys data at large sporting events such as the Olympics can cause serious confusion in game operation.
CyberScoop reported that Atos is currently investigating incidents related to the Pyeongchang Olympics. “We have been thoroughly investigating since the hacking attack occurred on the opening day,” said a spokesperson for Atos. “We are going to figure out this malware by working with our security partner, McAfee Advanced Threat Research, and are planning to cooperate with relevant authorities.”
After analyzing Olympic Destroyer, Cisco Talos believed that the hackers secretly penetrated systems by utilizing remote management tools such as ‘PsExec’. Olympic Destroyer is destructive malware: it deletes shadow copies and event logs and disables computers, and it moves within the network through legitimate programs such as PsExec and WMI. Talos announced that Olympic infrastructure may already have been penetrated before the opening day of the Pyeongchang Olympics, because user credentials that were hard-coded inside the malware appear to have been used. Talos's analysis was that the hackers were trying to confuse the Pyeongchang Organizing Committee for the 2018 Olympics with their attacks during the opening day.
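The behaviours Talos describes (shadow copy deletion, event log clearing, movement through PsExec and WMI) can be correlated per host in process-creation telemetry. The Python below is an added example, not code from this article, CyberScoop or Talos; the command-line patterns, field names and sample events are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Behaviours named in the article, mapped to command-line patterns.
# Assumption: the patterns are built-in Windows utilities commonly used for
# these actions; they are not indicators taken from the article.
BEHAVIOURS = {
    "shadow_copy_deletion": re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I),
    "event_log_clearing": re.compile(r"\bwevtutil(\.exe)?\b.*\b(cl|clear-log)\b", re.I),
    "remote_exec_psexec": re.compile(r"\bpsexe(c|svc)(64)?(\.exe)?\b", re.I),
    "remote_exec_wmi": re.compile(r"\bwmic(\.exe)?\b.*/node:.*\bprocess\s+call\s+create\b", re.I),
}
DESTRUCTIVE = {"shadow_copy_deletion", "event_log_clearing"}

# Constructed process-creation records (hypothetical hosts), not real telemetry.
SAMPLE_EVENTS = [
    {"ts": "2018-02-09T20:01:10", "host": "WS-01", "cmdline": r"C:\Windows\PSEXESVC.exe"},
    {"ts": "2018-02-09T20:01:40", "host": "WS-01", "cmdline": "vssadmin.exe delete shadows /all /quiet"},
    {"ts": "2018-02-09T20:02:05", "host": "WS-01", "cmdline": "wevtutil.exe cl Security"},
    {"ts": "2018-02-09T09:15:00", "host": "ADMIN-02", "cmdline": r"PsExec.exe \\WS-07 ipconfig /all"},
    {"ts": "2018-02-09T11:00:00", "host": "BK-03", "cmdline": "vssadmin list shadows"},
    {"ts": "2018-02-09T14:00:00", "host": "BK-03", "cmdline": "wevtutil el"},
]

def classify(cmdline):
    """Return the set of behaviour names whose pattern matches the command line."""
    return {name for name, rx in BEHAVIOURS.items() if rx.search(cmdline)}

def correlate(events, window=timedelta(minutes=10)):
    """Alert on hosts showing >= 2 distinct behaviours, one destructive, within the window."""
    per_host = defaultdict(list)
    for ev in events:
        for name in classify(ev["cmdline"]):
            per_host[ev["host"]].append((datetime.fromisoformat(ev["ts"]), name))
    alerts = {}
    for host, hits in per_host.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            seen = {n for t, n in hits[i:] if t - start <= window}
            if len(seen) >= 2 and seen & DESTRUCTIVE:
                alerts[host] = sorted(seen)
                break
    return alerts

if __name__ == "__main__":
    print(correlate(SAMPLE_EVENTS))
```

Requiring a destructive action alongside a second behaviour keeps routine administrative PsExec use (ADMIN-02) and read-only utility calls (BK-03) from alerting on their own.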
Staff Reporter Kim, Insoon | insoon@etnews.com