FortiGuard Labs has found threat samples targeting the Tokyo Olympics 2021. The samples include a wiper component, which, if successful, could cause a disruption to targeted machines. The previous attack targeting the Olympics was documented during the 2018 Winter Games. The lure was a malicious Word document titled “Russian figure skater won the PyeongChang Winter Olympics in South Korea.doc.” Once the user opened the document, the sample called and dropped a backdoor component called Icefog.
The threat actor group responsible for Icefog is very methodical. Targets are carefully chosen, and the group seems to know what it is after beforehand. Icefog leveraged an older vulnerability in Windows common controls—relying on the fact that many system administrators, especially those in organizations with a large number of computers, often find patching cumbersome.
In the wee hours of the Tokyo Olympics 2021, an interesting wiper malware surfaced that reminded us of the same destructive malware that targeted the Pyeongchang Winter Games. This one is called “Olympic Destroyer”. As this is an ongoing event, FortiGuard Labs is monitoring the situation and will provide relevant updates on significant findings as they are uncovered.
“As society becomes increasingly reliant on technology, and as the world is more connected than ever, attacks by threat actors are not only more prevalent but also more disruptive. Because of the variety of agendas held by different malicious entities—including cybercriminals, hacktivists, nation states, etc.—attacks and disruptions targeted at high-profile events are easy targets for sowing chaos, distributing malware, capturing or exfiltrating data, or even shutting down an event altogether. But regardless of the purpose, mass disruption and fear almost always occur, whether that was the intended goal of the attackers or not,” said Rajesh Maurya, regional vice president, India and SAARC, Fortinet.