• First known sample

  • Discovery

  • Current status

  • Type

  • Targeted platforms

  • TOP targeted countries

    France, Germany, Netherlands, Russia, Switzerland, Ukraine
  • Connected attacks

  • The way of propagation

    Spear-phishing with malicious documents
  • Purpose/Functions

    Cybersabotage, Data theft
  • Special features

    The group is known for its elaborate use of false flags to mislead the security community about who is behind an attack.

  • Targets

    Financial institutions, biological and chemical threat prevention organizations in the EU
  • Description

    This APT group is behind the infamous Olympic Destroyer attack, which took down the Olympic infrastructure a few days after the opening ceremony of the 2018 Winter Olympics in Pyeongchang, South Korea. They then shifted their attention to financial organizations in Russia and biological and chemical threat prevention laboratories in Europe and Ukraine. Their attacks typically start with a reconnaissance stage followed by a cyber-sabotage stage. They are perhaps best known for their elaborate use of false flags, which initially tricked the cyber community into believing the attack against the Olympics was carried out by Lazarus.

    Additional information