Atos likely had its computer systems penetrated late last year by the hackers who carried out a cyberattack during the Winter Olympics' Opening Ceremony, according to CyberScoop.
The publication reported Wednesday that samples of the Olympic Destroyer malware deployed Friday carry indications that hackers had been inside Atos systems since at least December. Some of the earliest samples posted to the VirusTotal repository came from unknown users located in France, where Atos is headquartered, as well as Romania, where some members of the Atos security team work.
Paris-based Atos is hosting the cloud infrastructure for the Pyeongchang games, according to CyberScoop. Atos and McAfee didn't immediately respond to CRN requests for comment, but Atos told CyberScoop a thorough investigation is being conducted following the issues at the opening ceremony.
"Together with our partner McAfee Advanced Threat Research, we can confirm that the cyberattack, which caused no critical disruption of the Olympic Games, used hardcoded credentials embedded in a malware," an Atos spokesperson told CyberScoop. "The credentials embedded in the malware do not indicate the origin of the attack."
The official Winter Olympics website was down for several hours Friday, disrupting ticket sales and downloads during the opening ceremony, CyberScoop reported. Local Wi-Fi networks near the Olympic site were also reported to be temporarily unavailable.
Cybersecurity professionals often upload to VirusTotal evidence of the cyberattacks they're responding to, according to CyberScoop.
Evidence of cyberattacks on VirusTotal frequently contains details beyond the malware code itself, CyberScoop said, including stolen usernames, passwords, private email addresses, confidential internal domain names and other details about the victim organization. The evidence reviewed by CyberScoop contains a trove of information seemingly belonging to various employees of Atos.
The Atos-related information on VirusTotal was attached to Olympic Destroyer malware samples, which CyberScoop said suggests that hackers had penetrated the company in recent months. The stolen data includes Atos employee usernames and passwords, CyberScoop reported, and can be viewed if the malware samples are broken down and the "strings" further analyzed.
Cybersecurity experts told CyberScoop that the embedding of Atos employee credentials in some Olympic Destroyer malware samples suggests that the company was likely compromised by the same hackers who ultimately hit the Winter Olympics.
Security researchers with Cisco's Talos unit said Monday that the malware potentially involved in the disruption is designed to destroy data and cause mass computer failures. CyberScoop concurred with Talos researchers that whoever was behind the opening ceremonies cyberattack likely first conducted an expansive cyber-espionage operation against the Olympics.
Penetrating a key IT supply chain company like Atos may have afforded the hackers an opportunity to conduct valuable reconnaissance, CyberScoop said. Targeting a supply chain vendor that's connected to a well-guarded organization in order to infiltrate the latter is a common tactic used by both nation states and criminal hackers, according to the report.
Although it's not clear whether hackers used their apparent intrusion into Atos to affect the Olympics, CyberScoop said evidence of such a compromise is noteworthy since it illustrates the risks associated with relying on external services to store data and share internet applications in the cloud.
Atos has itself attempted to move into the cybersecurity space in recent months, making an offer in December to acquire digital security vendor Gemalto for $5.05 billion. But Gemalto rejected the bid, instead opting to be purchased by French electrical system builder and services provider Thales for $5.63 billion.
Atos first made its mark in North America by purchasing Xerox's IT outsourcing business for $1.05 billion in December 2014. Buying the $1.5 billion, 9,800-employee entity nearly tripled the size of the company's operations in the United States, with Atos becoming a primary IT services provider for Xerox and taking on its IT outsourcing customers.