This past winter, malware ripped through the Pyeongchang Olympics, disrupting Wi-Fi, shutting down the Olympics website, and causing generalized digital havoc. The so-called Olympic Destroyer attack gained infamy, too, for using a number of false flags to muddy attribution. Now, researchers at Kaspersky Lab say the group behind those February attacks has returned, with a new target: organizations that respond to and protect against biological and chemical threats.
While the activity Kaspersky has seen has not turned destructive, researchers there say that hackers have taken steps that echo the early groundwork laid by the Olympic Destroyer group. Using a sophisticated spearphishing technique, the group has attempted to gain access to computers in France, Germany, Switzerland, Russia, and Ukraine. The concern: That these early intrusions will escalate in the same destructive way Olympic Destroyer did.
“We’re pretty confident this is the same group,” says Kaspersky