{"id":3714,"date":"2018-06-19T19:29:55","date_gmt":"2018-06-19T19:29:55","guid":{"rendered":"https:\/\/kasperskycontenthub.com\/threatpost\/?p=132929"},"modified":"2018-06-19T19:29:55","modified_gmt":"2018-06-19T19:29:55","slug":"olympic-destroyer-returns-to-target-biochemical-labs","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/olympic-destroyer-returns-to-target-biochemical-labs\/","title":{"rendered":"Olympic Destroyer Returns to Target Biochemical Labs"},"content":{"rendered":"<div class=\"media_block\"><\/div>\n<div><img decoding=\"async\" src=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/31\/2018\/03\/26162808\/Malware_Phishing_Attack.jpg\" class=\"ff-og-image-inserted\"\/><\/div>\n<p>Olympic Destroyer, the threat actor that caused a crippling sabotage attack on the networks supporting this year\u2019s Winter Games in Pyeongchang, South Korea, has resurfaced with a spy campaign \u2013 and with a wider target range.<\/p>\n<p>The new campaign began last month and is ongoing, employing spear-phishing documents that share much in common with the weaponized documents used in the <a href=\"https:\/\/threatpost.com\/olympic-destroyer-malware-behind-winter-olympics-cyberattack-researchers-say\/129918\/\" target=\"_blank\" rel=\"noopener\">Olympics attack<\/a>. According to analysis from Kaspersky Lab, these indicators \u2013 such as using a non-binary executable infection vector and obfuscated scripts to evade detection \u2013 point to the same group being behind both attacks.<\/p>\n<p>Now, however, the group is targeting financial organizations in Russia, and, of concern, biological and chemical threat prevention laboratories in Europe and Ukraine.<\/p>\n<p><strong>New Victim Profiles<\/strong><\/p>\n<p>Kaspersky Lab researchers examined some of the phishing lures to find out more about the targets, based on decoy documents, email subjects and file names. For instance, two of the decoy documents reference the Salisbury poison attack on Russian double agent Sergey Skripal and his daughter in London earlier this year.<\/p>\n<p>One of the documents observed in the attacks references the nerve agent used to poison them; another references Spiez Convergence, a biochemical threat research conference held in Switzerland. The sponsor, Spiez Laboratory, was involved in the Skripal attack investigation.<\/p>\n<p>\u201cFurther analysis of other related files suggests that the target of [yet another] document is working in the biological and epizootic threat prevention field,\u201d Kaspersky researchers said in <a href=\"https:\/\/securelist.com\/olympic-destroyer-is-still-alive\/86169\/\">a post<\/a> published Tuesday.<\/p>\n<p>The lures also suggest that they were \u201cprobably prepared with the help of a native [Russian] speaker and not automated translation software,\u201d researchers noted. For instance, one of the documents included a lure image with perfect Russian language in it, and the Cyrillic messages inside this and previous documents are in perfect Russian.<\/p>\n<p>There are ties to the Ukraine too. For instance, once the user enables the macro, a decoy document is displayed, taken very recently from the official website of the Ukrainian Ministry of Health.<\/p>\n<p>These could all be red herrings however \u2013 during the Pyeongchang attacks, Olympic Destroyer <a href=\"https:\/\/threatpost.com\/olympic-destroyer-a-false-flag-confusion-bomb\/130262\/\" target=\"_blank\" rel=\"noopener\">planted several false flags<\/a> meant to confuse and misdirect attribution efforts. Various aspects were calculated to make the threat actor look like the Lazarus APT, which is widely believed to be associated with North Korea.<\/p>\n<p>All of this makes it difficult to determine whoever is behind the latest Olympic Destroyer attacks.<\/p>\n<p>\u201cThe variety of financial and non-financial targets could indicate that the same malware was used by several groups with different interests \u2013 i.e., a group primarily interested in financial gain through cybertheft and another group or groups looking for espionage targets,\u201d researchers noted. \u201cThis could also be a result of cyberattack outsourcing, which is not uncommon among nation-state actors. On the other hand, the financial targets might be another false flag operation by an actor who has already exceled at this.\u201d<\/p>\n<p>Kaspersky Lab said that various TTPs could point to the <a href=\"https:\/\/threatpost.com\/a-closer-look-at-apt-group-sofacys-latest-targets\/130751\/\" target=\"_blank\" rel=\"noopener\">Sofacy\/Fancy Bear APT<\/a>, a well-known Russian-speaking gang, but that it can only assess this with \u201clow-to-moderate confidence.\u201d<\/p>\n<p><strong>A Sophisticated Actor<\/strong><\/p>\n<p>In any event, this shadowy group behind the attacks uses a sophisticated level of expertise when it comes to the kill chain. The infection procedure relies on multiple different technologies, mixing VBA code, Powershell and MS HTA, with JScript\u2013 and is unique enough to act as further evidence for a relationship with the <a href=\"https:\/\/threatpost.com\/olympic-destroyer-malware-behind-winter-olympics-cyberattack-researchers-say\/129918\/\" target=\"_blank\" rel=\"noopener\">Olympic\u2019s attack<\/a>.<\/p>\n<p>It starts with an embedded malicious macro in the spear-phishing document that is heavily obfuscated, the researchers noted, with a randomly-generated variable and function name. Its purpose is to execute a Powershell command.<\/p>\n<p>\u201cThis VBA code was obfuscated with the same technique used in the original Olympic Destroyer spear-phishing campaign,\u201d the researchers said. \u201cThe obfuscator is using array-based rearranging to mutate original code, and protects all commands and strings, such as the command and control (C2) server address. There is one known obfuscation tool used to produce such an effect: Invoke-Obfuscation.\u201d<\/p>\n<p>This Powershell script also disables logging in order to avoid leaving traces, and it goes on to decrypt additional payloads downloaded from Microsoft OneDrive. The decryption relies on a hardcoded 32-byte ASCII hexadecimal alphabet key \u2013 another technique used in the Olympics attack.<\/p>\n<p>After another round of Powershell scripting and decrypting, the final payload is the Powershell Empire agent, which allows fileless control of the compromised hosts for lateral movement and information-gathering.<\/p>\n<p><strong>Spy Today, Destroy Tomorrow<\/strong><\/p>\n<p>The fact that the payload is a cyberespionage tool suggests that the actors are in a reconnaissance phase. Unfortunately, this could be a prelude to something much worse, if past is prologue.<\/p>\n<p>\u201cOlympic Destroyer was a cyber-sabotage attack based on the spread of a destructive network worm,\u201d the researchers said. \u201cThe sabotage stage was preceded by reconnaissance and infiltration into target networks to select the best launchpad for the self-replicating and self-modifying destructive malware.\u201d<\/p>\n<p>That larger cyber-sabotage stage was meant to \u201cdestroy and paralyze infrastructure of the Winter Olympic Games, as well as related supply chains, partners and even venues at the event location.\u201d It\u2019s possible that the same pattern will play out here.<\/p>\n<p>Kaspersky Lab is advising all bio-chemical threat prevention and research companies and organizations in Europe to strengthen their security and run unscheduled security audits.<\/p>\n<p>\u201cIt\u2019s no surprise that the actors behind successful cyberattacks that disrupted the Pyeongchang Olympics are now targeting other organizations,\u201d said Aaron Higbee, CTO and co-founder of Cofense (formerly PhishMe), via email. \u201cRegardless of the sector being targeted, phishing is a serious threat because it works, often making their way past stacks of expensive technology layers and email gateways to land in an unsuspecting user\u2019s inbox. In this case, it appears that the attackers are likely using spear-phishing emails that look like they\u2019re coming from a trusted source, a tactic our research has shown to be particularly successful.\u201d<\/p>\n<p>READ MORE <a href=\"https:\/\/threatpost.com\/olympic-destroyer-returns-to-target-biochemical-labs\/132929\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The threat actors appear to be in a reconnaissance phase, which could be a prelude to a larger cyber-sabotage attack meant to destroy and paralyze infrastructure. READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":3715,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[3],"tags":[1417,1418,18,1419,28,1420,339,1421,1422],"class_list":["post-3714","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-threatpost","tag-biochemical-labs","tag-cyberespionage","tag-hacks","tag-kaspersky-lab","tag-malware","tag-new-campaign","tag-olympic-destroyer","tag-russian-speaking","tag-sabotage"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Olympic Destroyer Returns to Target Biochemical Labs 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/olympic-destroyer-returns-to-target-biochemical-labs\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Olympic Destroyer Returns to Target Biochemical Labs 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/olympic-destroyer-returns-to-target-biochemical-labs\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2018-06-19T19:29:55+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/06\/olympic-destroyer-returns-to-target-biochemical-labs.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"612\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/olympic-destroyer-returns-to-target-biochemical-labs\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/olympic-destroyer-returns-to-target-biochemical-labs\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Olympic Destroyer Returns to Target Biochemical Labs\",\"datePublished\":\"2018-06-19T19:29:55+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/olympic-destroyer-returns-to-target-biochemical-labs\/\"},\"wordCount\":974,\"publisher\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/olympic-destroyer-returns-to-target-biochemical-labs\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/06\/olympic-destroyer-returns-to-target-biochemical-labs.jpg\",\"keywords\":[\"biochemical labs\",\"cyberespionage\",\"Hacks\",\"Kaspersky Lab\",\"Malware\",\"new campaign\",\"Olympic Destroyer\",\"russian-speaking\",\"sabotage\"],\"articleSection\":[\"Threatpost\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/olympic-destroyer-returns-to-target-biochemical-labs\/\",\"url\":\"https:\/\/www.threatshub.org\/blog\/olympic-destroyer-returns-to-target-biochemical-labs\/\",\"name\":\"Olympic Destroyer Returns to Target Biochemical Labs 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/olympic-destroyer-returns-to-target-biochemical-labs\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/olympic-destroyer-returns-to-target-biochemical-labs\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/06\/olympic-destroyer-returns-to-target-biochemical-labs.jpg\",\"datePublished\":\"2018-06-19T19:29:55+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/olympic-destroyer-returns-to-target-biochemical-labs\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.threatshub.org\/blog\/olympic-destroyer-returns-to-target-biochemical-labs\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/olympic-destroyer-returns-to-target-biochemical-labs\/#primaryimage\",\"url\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/06\/olympic-destroyer-returns-to-target-biochemical-labs.jpg\",\"contentUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/06\/olympic-destroyer-returns-to-target-biochemical-labs.jpg\",\"width\":800,\"height\":612},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/olympic-destroyer-returns-to-target-biochemical-labs\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.threatshub.org\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"biochemical labs\",\"item\":\"https:\/\/www.threatshub.org\/blog\/tag\/biochemical-labs\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Olympic Destroyer Returns to Target Biochemical Labs\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#website\",\"url\":\"https:\/\/www.threatshub.org\/blog\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\/\/www.threatshub.org\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Olympic Destroyer Returns to Target Biochemical Labs 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/olympic-destroyer-returns-to-target-biochemical-labs\/","og_locale":"en_US","og_type":"article","og_title":"Olympic Destroyer Returns to Target Biochemical Labs 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/olympic-destroyer-returns-to-target-biochemical-labs\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2018-06-19T19:29:55+00:00","og_image":[{"width":800,"height":612,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/06\/olympic-destroyer-returns-to-target-biochemical-labs.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/olympic-destroyer-returns-to-target-biochemical-labs\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/olympic-destroyer-returns-to-target-biochemical-labs\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Olympic Destroyer Returns to Target Biochemical Labs","datePublished":"2018-06-19T19:29:55+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/olympic-destroyer-returns-to-target-biochemical-labs\/"},"wordCount":974,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/olympic-destroyer-returns-to-target-biochemical-labs\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/06\/olympic-destroyer-returns-to-target-biochemical-labs.jpg","keywords":["biochemical labs","cyberespionage","Hacks","Kaspersky Lab","Malware","new campaign","Olympic Destroyer","russian-speaking","sabotage"],"articleSection":["Threatpost"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/olympic-destroyer-returns-to-target-biochemical-labs\/","url":"https:\/\/www.threatshub.org\/blog\/olympic-destroyer-returns-to-target-biochemical-labs\/","name":"Olympic Destroyer Returns to Target Biochemical Labs 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/olympic-destroyer-returns-to-target-biochemical-labs\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/olympic-destroyer-returns-to-target-biochemical-labs\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/06\/olympic-destroyer-returns-to-target-biochemical-labs.jpg","datePublished":"2018-06-19T19:29:55+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/olympic-destroyer-returns-to-target-biochemical-labs\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/olympic-destroyer-returns-to-target-biochemical-labs\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/olympic-destroyer-returns-to-target-biochemical-labs\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/06\/olympic-destroyer-returns-to-target-biochemical-labs.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/06\/olympic-destroyer-returns-to-target-biochemical-labs.jpg","width":800,"height":612},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/olympic-destroyer-returns-to-target-biochemical-labs\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"biochemical labs","item":"https:\/\/www.threatshub.org\/blog\/tag\/biochemical-labs\/"},{"@type":"ListItem","position":3,"name":"Olympic Destroyer Returns to Target Biochemical Labs"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/3714","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=3714"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/3714\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/3715"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=3714"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=3714"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=3714"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}