How Malicious Hackers are Competing for Notoriety at the 2018 Olympics

Key takeaways

This key takeaway was generated through LLMs crawling the page and coming up with an overview of the content.

The article examines the Olympic Destroyer nation-state cyber attack during the PyeongChang Winter Games, which used a self-propagating worm to disrupt Wi‑Fi, the official website, ticketing and IT systems, and to destroy data by corrupting boot records. It highlights the operational impact of such attacks—service outages, loss of access to accounts and tickets, and erosion of trust—and explains how attackers scan DNS and move laterally to find and obliterate targeted information. The piece emphasizes that defenses require multiple measures such as backups, network segmentation, and proactive policy controls informed by DNS traffic patterns to anticipate and counter sophisticated, well‑resourced adversaries.

What was Olympic Destroyer and how did it impact the PyeongChang Olympics' IT systems?

Olympic Destroyer was a sophisticated, nation‑state supported worm that targeted the PyeongChang Olympics’ infrastructure. It propagated automatically from machine to machine within the network, scanned DNS to locate specific information, and destroyed data on infected machines — including parts of their boot records — causing reboots that prevented systems from loading. Operational impacts included interrupted Wi‑Fi, the official Olympics website being taken down, and users being unable to access tickets, accounts, and other essential services, effectively stalling IT operations.

Why is the fact that Olympic Destroyer was a nation‑state attack particularly concerning?

The article stresses that nation‑state sponsorship is alarming because such actors operate with virtually unlimited resources and advanced capabilities, enabling highly complex, well‑structured attacks. Unlike common cybercrime motivated by theft, nation‑state attackers may aim principally to disrupt and undermine trust in institutions and events, using destruction rather than or in addition to exfiltration. This strategic intent, combined with deep sophistication, raises the bar for defenders and reduces the effectiveness of single‑tool solutions, making preparedness and layered defenses essential.

What practical defensive measures does the article recommend to guard against attacks like Olympic Destroyer?

The article recommends a multi‑pronged defensive approach rather than relying on any single silver‑bullet solution. Key measures include maintaining reliable backups of data and implementing network segmentation to limit lateral movement. It also advises applying policy controls informed by observed patterns in network traffic and DNS data to anticipate attacker behavior and get ahead of their tactics. Overall, defenders should analyze DNS signals and other internal insights to understand adversary movement and prepare proactive controls.

Over the past couple of weeks, all eyes have been on the athletes competing on the world’s biggest stage at the Winter Olympic Games. However, there is one malevolent event for which there is no medal ceremony. Cybercriminals have been using the Olympics as a way to gain international notoriety. And like any fierce competitor, these malicious actors are flexing their skills to show the world exactly what they’re capable of.

It was reported that Russian hackers targeted the Olympics’ opening ceremonies with an extremely complex, well-structured cyber attack, dubbed “Olympic Destroyer”. This “worm within the Olympic infrastructure that caused a denial-of-service attack” interrupted Wi-Fi access, shut down the official PyeongChang Olympics website, and prevented people from accessing their tickets, accounts, and other information. Long story short, it completely stalled their IT systems.

Now cyber attacks are a dime a dozen, but it’s not the cyber attack itself that is worrying. What’s most unsettling about Olympic Destroyer is that it was a nation-state attack, perpetrated and supported by a government with zero budget constraints and extremely sophisticated capabilities. After Russia was banned from this year’s Olympics, with only certain athletes allowed to compete under the Olympic flag as “Olympic Athletes from Russia”, it is not unlikely that this was an act of revenge.

This is not surprising. A big motivating factor behind many cyber attacks is not necessarily data theft, but simply disruption – to cause chaos and wreak havoc on institutions, events, and organizations that people trust every day. They launch these attacks to compromise trust – not to take data, but just to show that no one is safe.  

“Olympic Destroyer is designed to automatically jump from machine to machine within a target network and destroy certain data on the machine, including part of its boot record, rebooting machines and then preventing them from loading.”

Olympic Destroyer went into the network and as the worm spread, it scanned the DNS to figure out where certain information was. As it traveled laterally throughout, it found the data it was looking for, and then simply blew it up. This relatively new wave of malware does not choose between scavenging for and exfiltrating data, or destroying data – it does both.

“To guard against […] attacks, the best defense is for organizations to know their enemy.”

With these things moving fast and furiously, what can IT organizations do? First off, there is no silver bullet, no matter what anyone tells you. There is no singular solution or tool that will keep you 100% secure, but there are measures you can take to bolster your security posture, like backing up your data and segmenting your network. Secondly, attackers know your security tactics. So it’s important to get a step ahead of potential cyber attackers by applying policy controls based on the patterns within your network traffic.

It’s about anticipating their plans, knowing their movements and being cognizant of hints and insights inside your DNS data. After all, attackers design these things with you, the target, in mind, so it’s time that you get inside their heads.
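One way to turn the "hints inside your DNS data" idea into a concrete check, as an added example that is not from the article or from any vendor product: flag clients that resolve an unusually large number of distinct internal hostnames inside a short window. The log format, the `.corp.example` zone, the thresholds, and the reading of "scanned the DNS" as query fan-out are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

INTERNAL_ZONE = ".corp.example"   # assumption: your internal DNS suffix
WINDOW = timedelta(seconds=60)    # assumption: sliding window size
MAX_DISTINCT = 5                  # assumption: tune against your own baseline

def constructed_sample():
    """Constructed log lines in a hypothetical 'timestamp client qtype qname' format."""
    lines = [
        "2024-01-15T20:00:01 10.1.4.21 A mail.corp.example",
        "2024-01-15T20:00:09 10.1.4.21 A intranet.corp.example",
        "2024-01-15T20:00:30 10.1.4.21 A www.example.org",
        "2024-01-15T20:03:10 10.1.4.21 A mail.corp.example",
    ]
    # One client resolving 12 different internal hosts, two seconds apart.
    lines += [f"2024-01-15T20:01:{2 * i:02d} 10.1.7.88 A host{i:02d}.corp.example"
              for i in range(12)]
    return "\n".join(lines)

def fanout_alerts(log_text, window=WINDOW, limit=MAX_DISTINCT):
    """Map each client that exceeds `limit` to its peak count of distinct
    internal names resolved inside any single sliding window."""
    per_client = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, _qtype, qname = line.split()
        qname = qname.lower().rstrip(".")
        if qname.endswith(INTERNAL_ZONE):
            per_client[client].append((datetime.fromisoformat(ts), qname))
    alerts = {}
    for client, events in per_client.items():
        events.sort()
        start = peak = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            peak = max(peak, len({name for _, name in events[start:end + 1]}))
        if peak > limit:
            alerts[client] = peak
    return alerts

if __name__ == "__main__":
    for client, peak in fanout_alerts(constructed_sample()).items():
        print(f"{client}: {peak} distinct internal names within {WINDOW}")
```

A flagged client is a lead for investigation or for a tighter DNS policy on that segment; inventory scanners and monitoring hosts will also trip this check and need an allowlist.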



Anna is a passionate content writer who’s always eager to learn something new about cyber security.
