Kaspersky analyzed OlympicDestroyer as a destructive worm used against Pyeongchang Winter Olympics infrastructure and related organizations, disrupting Wi-Fi, ticketing, displays, and other IT systems. The malware combined credential theft, PsExec-based propagation, and a wiper that targeted remote network shares, cleared event logs, deleted shadow copies, disabled recovery options, stopped services, and rebooted systems. The investigation connected the incident to earlier spearphishing against Winter Olympics targets that used weaponized Office documents, PowerShell downloaders, RC4-based backdoors, and similar URL and cookie structures. The report explicitly warns against quick attribution because the operation contained false flags and only notes that other researchers observed similarities to BlueNorOff/Lazarus-linked loader code, rather than assigning responsibility to a DPRK actor.