EXECUTIVE SUMMARY:
The malware that surfaced during the Winter Olympics and disrupted the opening ceremony has reappeared on the scene. Seemingly designed to suggest that China or North Korea could be responsible, Olympic Destroyer malware is believed to be the work of a Russian hacking group. Now it appears the group is targeting financial institutions and firms that are responsible for addressing biological and chemical threats.
In the months leading up to the Winter Olympics, hackers sent phishing emails to organizations supporting the event’s infrastructure. As a result, cyberattackers were able to glean key information and strike the networks of organizers, suppliers, and partners tied to the games.
This time around, spearphishing is again part of the story. Wired reports, “Using a sophisticated spearphishing technique, the group has attempted to gain access to computers in France, Germany, Switzerland, Russia, and Ukraine. The concern: That these early intrusions will escalate in the same destructive way Olympic Destroyer did.”
The phishing emails are targeted and play on familiarity, serving up documents that unleash malicious macros on unsuspecting victims. One of these decoy documents referred to a biochemical threat conference organized by Switzerland-based Spiez Laboratory. Both Ars Technica and Wired note that the Swiss institute was involved in the investigation of the widely reported poisoning of a former Russian spy and his daughter in the UK. Yet another mystery that remains inconclusive.
Once again the shadowy cyber world intersects with the shadowy physical world.
Get the full story at Wired.