TechSpot has some minor new information about the suspected Russian cyber attack during the Pyeongchang 2018 Winter Olympics opening ceremony:
Malware writers don’t exactly leave a calling card in their code, so determining who caused an attack is often difficult. What we do know so far is that the attack, dubbed “Olympic Destroyer,” lasted under an hour on Friday and targeted users with an @pyeongchang2018.com email address. This caused the Pyeongchang 2018 website to go down and briefly interrupted some video streams.
The malware works by turning off the infected machine’s services, destroying the boot information and generally rendering the machine unusable. One surprising characteristic is that it does show some restraint and does not appear to cause maximum damage. Rather than deleting all of the system’s files, it only targets the boot information. A trained technician can restore the data relatively quickly.
Olympic Destroyer’s spreading and targeting techniques resemble those of NotPetya and BadRabbit, pieces of malware the CIA and others in the security community have attributed back to Russia.
Given that Russia was banned from competing at the Olympics due to the doping scandal, they are naturally the prime suspect. For their part, they have stated that “We know that Western media are planning pseudo-investigations on the theme of ‘Russian fingerprints’ in hacking attacks on information resources related to the hosting of the Winter Olympic Games in the Republic of Korea.”
As the article rightly states, the general public will likely never know who was responsible for this attack.