The website and internal systems of the Games were taken offline during the opening ceremony in Pyeongchang on Friday, after hackers detonated their probes inside the network.
Media outlets had problems reporting on the showpiece event because the attack knocked out the WiFi.
Analysis by researchers at Talos, the cybersecurity intelligence wing of Cisco, identified the malware involved - which it calls "Olympic Destroyer".
Speaking to Sky News, Warren Mercer, the technical leader at Talos, said the attackers aimed to "cause disruption and potential embarrassment" to Olympic organisers.
Although it is not clear how they accessed the systems, Talos warned it was possible the Olympic infrastructure had previously been compromised because the code included credentials that were known prior to the attack.
Mr Mercer said that although damage was caused - taking the website offline so people could not print their tickets - the value of this was subjective.
However, he warned the hackers could have used their access to cause much more damage. They also left a "calling card" on the network to show they could return.
Experts have expected state-sponsored Russian hackers to target the Games after the country's team was excluded from competing by the International Olympic Committee (IOC) over the 2014 Sochi doping scandal.
In 2016, a cyber-espionage group which researchers called Fancy Bear was condemned for stealing information from the World Anti-Doping Agency (WADA) about US athletes and publishing it online.
The Russian Foreign Ministry had denied the nation was involved in the attack on the Pyeongchang opening ceremony.
It stated: "We know that Western media are planning pseudo-investigations on the theme of 'Russian fingerprints' in hacking attacks... Of course, no evidence will be presented to the world."
Talos has not attributed the attack but said the malware worked similarly to code called BadRabbit and Nyeta (or NotPetya) which devastated computers in Ukraine.