Olympic Destroyer
MITRE
Malware Type:
Other
Other
First seen:
Unknown
Unknown
Last seen:
Unknown
Unknown
Details:
[Olympic Destroyer](https://attack.mitre.org/software/S0365) is malware that was used by [Sandworm Team](https://attack.mitre.org/groups/G0034) against the 2018 Winter Olympics, held in Pyeongchang, South Korea. The main purpose of the malware was to render infected computer systems inoperable. The malware leverages various native Windows utilities and API calls to carry out its destructive tasks. [Olympic Destroyer](https://attack.mitre.org/software/S0365) has worm-like features to spread itself across a computer network in order to maximize its destructive impact.(Citation: Talos Olympic Destroyer 2018)(Citation: US District Court Indictment GRU Unit 74455 October 2020)
Associated Techniques (14)
| ID | ATT&CK | Tactics |
|---|---|---|
| T1003.001 | LSASS Memory | - |
| T1016 | System Network Configuration Discovery | - |
| T1018 | Remote System Discovery | - |
| T1021.002 | SMB/Windows Admin Shares | - |
| T1047 | Windows Management Instrumentation | - |
| T1070.001 | Clear Windows Event Logs | - |
| T1135 | Network Share Discovery | - |
| T1485 | Data Destruction | - |
| T1489 | Service Stop | - |
| T1490 | Inhibit System Recovery | - |
| T1529 | System Shutdown/Reboot | - |
| T1555.003 | Credentials from Web Browsers | - |
| T1569.002 | Service Execution | - |
| T1570 | Lateral Tool Transfer | - |
Used by Actors (1)
Metadata
| ID: | 131 |
| Created: | 13/01/2026 17:48 |
| Updated: | 06/03/2026 16:00 |