On October 19, 2020, the UK uncovered malicious cyber activities by the Russian military intelligence agency GRU against organizations involved in the 2020 Olympic and Paralympic Games, which had been due to take place in Tokyo in the summer before they were postponed.
The incidents were the latest in a campaign of Russian malicious activity against the Olympic and Paralympic Games, with the UK also revealing details today of the GRU’s attacks on the 2018 Winter Olympic and Paralympic Games in Pyeongchang, Republic of Korea.
The National Cyber Security Center (NCSC), part of GCHQ, has high confidence that these attacks were carried out by the GRU’s Main Center for Specialist Technologies (GTsST), also known as Sandworm and VoodooBear. Details were released after the US Department of Justice announced criminal charges against Russian military intelligence officers working for the GRU’s cyber unit, for conducting cyber attacks against the 2018 Winter Games and other cyber attacks. In the 2018 Games attacks, the GRU’s cyber unit tried to disguise itself as North Korean and Chinese hackers when targeting the opening ceremony. It went on to target broadcasters, a ski resort, Olympic officials and sponsors of the Games.
The GRU deployed data-wiping malware against Winter Games IT systems and targeted devices across the Republic of Korea using VPNFilter. The NCSC assessed that the incident was intended to sabotage the staging of the Olympic and Paralympic Winter Games, as the malware was designed to wipe data from, and disable, computers and networks. Administrators worked to isolate the malware and replace affected computers to prevent possible disruption.