The Paris Olympic games are facing an unprecedented threat with security experts warning that state-level hackers are aiming to seriously disrupt the global sporting event with cyber attacks and disinformation campaigns.
Dr Jamie Collier, a threat expert at Mandiant, Google’s cyber security firm, believes that state-sponsored threats from Russia and China potentially represent the most severe threat to the games which will begin in Paris on 26th July.
He added that Iran and North Korea are considered to pose lower risks, but vigilance remains crucial.
Mandiant predicts cyber espionage operations will target the Olympics, and hackers will also seek to cause chaos by disabling websites, crashing computer systems (DDoS), or wiping data using what is known as “wiper malware.”
Mandiant believes Russian malicious actors will likely exploit the games’ popularity to spread fake news, stating: “Threat actors may leverage disruptive and destructive attacks to amplify the spread of particular narratives in hybrid operations.”
Dr Collier said: “It’s important to consider the linkages between cyber operations and information operations. If they disrupt the victim then they want the world to know about that and they are going to publicise that victim.”
Compared to Russia, Mandiant highlights the primary concern around Chinese threat actors is information gathering against government officials and other VIPs attending the games.
Mandiant warns that this will create a risk of spear phishing, where hackers craft personalised emails designed to trick specific individuals. They could attempt to steal login credentials (credential harvesting). This stolen information could then be used for intelligence collection operations, giving attackers access to sensitive data.
While Chinese government hackers are capable and willing to target operational technology systems, the cyber security firm said “it is unlikely they will leverage destructive or disruptive campaigns targeting the Summer Olympics.”
Mandiant predict that the APT44 group, which is linked to Russia’s military intelligence (GRU), is most likely to target the upcoming games as they have a track record of conducting disruptive operations against Olympic related entities.
Google’s Threat Analysis Group discovered that prior to the 2018 South Korea Winter Games in Pyeongchang, the Russian hacking group APT44 had modified Android apps popular in South Korea, including a bus timetable app and an app for checking apartment rental prices. The intention was to steal information from users.
In the 2020 Tokyo Games, the same hacking group conducted reconnaissance – a digital scouting mission – targeting Olympic officials and organisations.
Mandiant’s recent report predicts that during the Olympics, APT44 is the group that is “most likely to conduct impactful disruptive, destructive, or hybrid operations in addition to intelligence collection.”
There is also a cyber physical threat from Russian groups. Dr Collier said: “We’ve seen GRU operatives that have travelled abroad in relation to the Rio Olympics and tried to get physical access.”
He gave an example where Wi-Fi networks of a hotel were compromised and then leveraged to obtain credentials of a senior official staying at a hotel.
Highlighting the threat posed, Dr Collier stated: “Russia has a history of targeting the Olympics, doing so with some pretty disruptive cyber campaigns.
“This could continue, given that Russia is banned from competing.
“You add to that fact that France has been a vocal supporter of Ukraine, and it just highlights that this is a threat that remains alive and well.”