The cyberattack directed against Paris-based digital services firm Atos was quickly contained and did not result in any employee data loss, the company said in a statement to CRN.
Atos, which handles cloud infrastructure, security and other IT functions for the International Olympic Committee, experienced a service disruption that caused the official 2018 Winter Olympics website to crash for several hours on Feb. 9, according to a Cyberscoop report published earlier this week.
Atos, which confirmed the attack took place during the opening ceremony, is asserting that the incident caused "no critical disruption" of the Pyeongchang games.
"The situation was quickly identified, stopped and controlled, and did not trigger any data leakage," the company stated through a spokesperson. "There has been no damage to our infrastructure nor to our clients. The virus has been cleaned, and as a result, all systems and infrastructure remain robust and stable. With regard to Olympic games, no competitions were ever affected, and the team is continuing to work to ensure the Olympic Games are running smoothly."
Atos added that intensive investigations are being conducted in coordination with the authorities and its partners, which include McAfee Advanced Threat Research.
According to Cyberscoop, samples of the Olympic Destroyer malware carry indications that hackers were inside Atos systems since at least December. The outlet reviewed evidence of the attack, which was uploaded to VirusTotal, and wrote that it discovered large amounts of information seemingly belonging to Atos employees.
Atos has been the IOC's IT partner since 2001, but 2018 marks the first time it has been responsible for cloud hosting. The company has been remotely managing its orchestrated hybrid infrastructure offering, Canopy Cloud, as well as its security operations center (SOC) from "competence" centers located in Europe.
CRN spoke with Atos in late January about the nature and scope of its IOC partnership. Marta Sanfeliu, COO for Olympics and major events, said during the interview that Atos successfully defended 570 million security events during the 2016 Summer Olympics and saw no impact on the games.
However, Sanfeliu also noted that the company was expecting a much stiffer security challenge in Pyeongchang, based on a risk assessment conducted beforehand. Atos for the first time has also set up two SOCs on-site at the Olympics – each manned by three positions staffed on a 24-by-7 basis – which are connected to a third continuously operating SOC based in Europe.
"Threats might be seen somewhere else that will have an effect in Pyeongchang," Sanfeliu said. "Politically, a lot of information in the media is making it an appealing target for some cyberattackers … It's important you have all the different intelligence connected."