
Image credit: Reuters/Pawel Kopczynski

Olympic hackers may be attacking chemical warfare prevention labs

Russia is once again a potential culprit.

The team behind the 2018 Winter Olympics hack is still active, according to security researchers -- in fact, it's switching to more serious targets. Kaspersky has discovered that the group, nicknamed Olympic Destroyer, has been launching email phishing attacks against biochemical warfare prevention labs in Europe and Ukraine as well as financial organizations in Russia. The methodology is extremely familiar, including the same rogue macros embedded in decoy documents as well as extensive efforts to avoid typical detection methods.

While Kaspersky didn't directly point fingers, it brought up a number of clues suggesting that Russia was responsible. Most of the lab targets were people associated with an upcoming biochemical threat conference run by Spiez Laboratory, which just happened to be involved in the investigation of the nerve agent poisoning of former Russian double agent Sergei Skripal and his daughter Yulia. Also, Kaspersky noted that the custom images and messages in the documents were in "perfect" Russian, and one of them specifically references the Skripal attack (conveniently, a piece where scientists couldn't definitively say the nerve agent came from Russia).

So why target Russian financial outfits, then? Kaspersky acknowledged that there could be multiple parties involved (say, profit-oriented crooks in addition to state-sponsored attackers). However, it's generally accepted that Russia tried to frame North Korea for the Olympic hack. It's entirely possible that the Russian targets amounted to a false flag meant to cast doubt on the true origins of the attack. The focus on labs and the Skripal connection may have been meant to rattle the West for daring to attribute assassination attempts to Russia.

It may be difficult to completely prevent campaigns like this when political tensions are so high. Kaspersky believes the labs can curb this in the future, however, through steps such as tightening their overall security and running impromptu security audits. It's also a reminder to be cautious -- a seemingly innocuous attachment can have dire consequences.
