It now appears that the hackers who disrupted the Winter Olympics Opening Ceremony in Pyeongchang, by taking down its website and baulking ticket sales, had been embedded in the supply chain for several weeks.
Atos, the International Olympic Committee’s France-based IT service partner, is investigating a possible breach of its systems back in December, which allowed the attackers to launch their Olympic Destroyer malware – a fast-moving computer worm that can scan and steal user credentials and also destroy data. Atos is hosting the cloud infrastructure for the Winter Olympics.
This latest high-profile incursion illustrates once again the dangers of outsourcing cloud storage to external suppliers. Both criminal and state-sponsored hackers have previously exploited supply chain vendors as a way of penetrating the defences of heavily-protected target organisations.