Earlier this year, a cyberattack dubbed "Olympic Destroyer" was carried out against Winter Olympics during the games' opening ceremonies. As we reported at the time, the hack took down numerous internet and TV services related to the event including the official Olympics website.
A couple weeks later, intelligence officials found information suggesting Russia may have been behind the attack, intending to frame North Korea. At the time, little information was provided to back those claims up but that's changing now.
According to a Kaspersky Labs research team, the Olympic Destroyer cyberattack was performed by a third party who purposely left behind false clues with the intention of framing the "Lazarus Group" – a hacking group reportedly aligned with North Korea – for the incident.
"Attackers are becoming smarter and they know that creating the ultimate false flag is the ultimate defense," Kaspersky's director of global research Vitaly Kamluk said during a cybersecurity conference in Cancun, Mexico. "We managed to find 100 percent proof that [the malware signatures] were forged. It was to confuse the general public," Kamluk later added.
The research team in question came to this conclusion after examining the Olympic Destroyer malware's "Rich Header" section. Upon digging deeper into the code, researchers found "several inconsistencies" in the code that didn't quite line up with the code found in previous Lazarus attacks in the past. Though the team's full findings are quite technical, you can view them here.
Kamluk likened the false flag operation to a criminal stealing someone else's DNA and leaving it at a crime scene. "We discovered and proved that the DNA found on the crime scene was dropped there on purpose," he said.
In short, hackers intentionally left behind a digital "fingerprint" designed to give a "100 percent match" with previous Lazarus cyberattack code. However, the "motives and other inconsistencies in tactics, techniques and procedures" Kaspersky's researchers discovered paint a different picture. Indeed, it would make little sense for North Korea to carry out a cyberattack against the games while their own athletes were in attendance.
Kamluk likened the false flag operation to a criminal stealing someone else's DNA and leaving it at a crime scene. "We discovered and proved that the DNA found on the crime scene was dropped there on purpose," Kamluk said.
If this information is true, it's certainly troubling news. While the Olympic Games cyberattack was not nearly as destructive as the "NotPetya" ransomware attack that took place back in June, its implications are potentially worse as it suggests hackers' skills are advanced enough now to throw even the most talented cybersecurity experts off their trail.