Officials confirmed that the 2018 Winter Olympics were hit with a cyber attack during the opening ceremony in PyeongChang on Friday.The \u201cservers were hacked by an unidentified attacker,\u201d reported the South Korean publication Yonhap News.At first, the attack caused internet protocol TVs to malfunction at the main press center. When organizers responded by shutting down servers to prevent more damage, it took down the Winter Olympics website. With the site down, attendees who had purchased reservations were unable to print their tickets. The Wi-Fi also went down in the PyeongChang Olympic stadium. It took about 12 hours before the website and other non-critical systems were fully restored. \u00a0The drones, which were supposed to film the two-hour opening ceremony, also failed to deploy, reported Reuters, so prerecorded footage was used instead. It was unclear if the problems with drone deployment were related to the system issues caused by the attack. An International Olympic Committee (IOC) spokesman said, \u201cDue to impromptu logistical changes it [drone deployment] did not proceed.\u201dOn Saturday, Olympic Games spokesman Sung Baik-you said it was too early to confirm a cyber attack; instead, Sung would only say \u201csome issues\u201d affected \u201cnon-critical systems,\u201d but those issues did not disrupt any event or impact the safety and security of athletes and spectators.Cyber attack confirmed, but source not revealedOn Sunday, however, organizers confirmed the cyber attack but would not reveal the source of the attack.\u201cWe know the cause of the problem, but that kind of issue occurs frequently during the Games,\u201d Sung said. \u201cWe decided with the IOC we are not going to reveal the source" of the attack.\u201cMaintaining secure operations is our purpose,\u201d said IOC spokesman Mark Adams. According to Reuters, Adams cited best international practices as the reason not to talk about the attack at this stage.\u201cWe are not going to comment on the issue. It is one we are dealing with. We are making sure our systems are secure and they are secure,\u201d he said.Russia, which was banned from the Games for doping, denied involvement in the attack, although there had been some evidence that Russian-backed hackers might have been planning an attack in retaliation for Russian's exclusion of the PyeongChang Games.Days before the Games kicked off, Russia\u2019s foreign ministry said, \u201cWe know that Western media are planning pseudo-investigations on the theme of \u2018Russian fingerprints\u2019 in hacking attacks on information resources related to the hosting of the Winter Olympic Games in the Republic of Korea. Of course, no evidence will be presented to the world.\u201dCyber threat warnings before the Winter Games startedIn January, McAfee Advanced Threat Research discovered a spearphishing campaign targeting organizations involved with the Olympics. The PowerShell script used image stenography techniques in order to hide the first-stage implant.At the start of February, US-CERT warned travelers to the Olympics that \u201ccyber criminals may attempt to steal personally identifiable information or harvest users\u2019 credentials for financial gain. There is also the possibility that mobile or other communications will be monitored.\u201dShortly before the Games kicked off, McAfee added that the fileless attack it previously discovered \u201cused a PowerShell implant that established a channel to the attacker\u2019s server to gather basic system-level data. What was not determined at that time was what occurred after the attacker gained access to the victim\u2019s system.\u201dThe newest McAfee report included additional information about the Korean-language, data-gathering implant Gold Dragon. The researchers concluded:The implants covered in this research establish a permanent presence on the victim\u2019s system once the PowerShell implant is executed. The implants are delivered as a second stage once the attacker gains an initial foothold using fileless malware. Some of the implants will maintain their persistence only if Hangul Word, which is specific to South Korea, is running.With the discovery of these implants, we now have a better understanding of the scope of this operation. Gold Dragon, Brave Prince, Ghost419, and RunningRat demonstrate a much wider campaign than previously known. The persistent data exfiltration we see from these implants could give the attacker a potential advantage during the Olympics.