The OlympicDestroyer worm that attacked the 2018 Pyeongchang Olympics was falsely attributed by the malware creator to match it with North Korean hackers.

In February 2018, the Pyeongchang Olympics—the Winter Olympic Games—experienced a cyberattack that temporarily paralyzed their IT systems before the official opening ceremony. The malware shut down display monitors, killed the Wi-Fi, and took down the Olympics website, inconveniencing visitors since they were unable to print tickets.

In their latest research Moscow-headquartered Kaspersky Lab, a cybersecurity company, found out that a false flag was placed inside the OlympicDestroyer worm by the malware creator so that the attack gets attributed to North Korean hackers.

The malware not only breached the Olympics IT system but also disabled the operation of ski gates and ski lifts at several ski resorts in South Korea. According to Kaspersky Lab team who had collected 100% evidence, all the conclusions pointed them to Lazarus—an infamous nation state backed group who had been connected to a number of highly-damaging cyberattacks in the past.

This was concluded upon finding a unique trace left by the attackers which consisted of a combination of certain features of the code development environment stored in the files that was used as a fingerprint. In the sample analyzed by Kaspersky Lab, the fingerprint gave a 100% match with previously known Lazarus malware components.

However, upon further verification into the collected evidences Kaspersky concluded that the set of features didn’t match the code, but were carefully designed to perfectly match with the fingerprint used by Lazarus, making the features of the malware a sophisticated false flag.

There has been no reports about the economic impact of the OlympicDestroyer malware. According to Accenture, cyberattacks have cost organizations nearly $11.7 million on an average annually. The report also notes that the cyberattacks have increased to 27.4% from 102 to 130 with certain attacks like WannaCry and Petya crippling the functioning of many large corporates and government organizations.