As the Paris 2024 Olympics approach, Google’s cybersecurity firm Mandiant has raised alarms about significant cyber threats, with Russia posing the largest risk. The threats include cyber espionage, disruptive operations, information operations, and financial scams, all of which have the potential to disrupt the Games.
Russian Threat Groups: A Major Concern
According to Mandiant, Russian threat groups, particularly Sandworm (APT44), are expected to conduct disruptive, destructive, or hybrid operations alongside intelligence collection. This conclusion is based on a well-documented history of Russian cyber operations targeting past Olympic Games.
Historical Precedents
- Rio 2016: Fancy Bear (APT28) targeted anti-doping officials, compromising sports and anti-doping organizations, while Sandworm leaked athletes’ medical data.
- Pyeongchang 2018: Sandworm disrupted the Winter Games’ opening ceremony by using a wiper, conducting large-scale credential harvesting, and distributing trojanized mobile applications. The activities included phishing and the distribution of malware across Windows, macOS, and Android platforms.
- Tokyo 2020: The UK’s National Cyber Security Centre reported Sandworm’s reconnaissance efforts targeting Olympic officials and organizations.
Pro-Russian Information Operations
Mandiant predicts that pro-Russian information operations will pose a frequent and moderately severe threat to the Paris Olympics. These operations are expected to promote pro-Russia, anti-Ukraine, and anti-Western narratives, leveraging the Olympics’ popularity. The firm also highlights the potential for political retribution due to France’s pro-Ukraine stance and Russia’s ban from competing under its flag.
France Accuses Russia of Disinformation Campaigns
In early 2024, France accused Russia of conducting widespread disinformation campaigns aimed at disrupting both the Olympics and upcoming EU general elections. French President Emmanuel Macron reiterated these concerns, accusing Russia of undermining the safety and security of the Games.
Other Threat Actors
Several other pro-Russia hacktivist groups, including Anonymous Sudan, Cyber Army of Russia Reborn, NoName057(16), UserSec, and Server Killers, also pose viable threats to the Olympics. Mandiant has observed the ongoing “Doppelganger” campaign, which exploits fake domains and social media accounts to circulate narratives aligned with Russian interests.
Additional State-Sponsored Threats
China, Iran, North Korea, and Belarus also present moderate to low cyber threats. Chinese groups APT31, APT15, UNC4713, and TEMP.Hex are likely to target event-related organizations and individuals for intelligence collection. Iranian threats, primarily APT42, may leverage the Games for operations related to the conflict in Gaza and against Israel. North Korea, while posing a lower threat, may conduct financially motivated operations.
Financially Motivated Threats
Cybercrime rings, scammers, and fraudsters are expected to exploit the high volume of financial transactions during the Games. Mandiant warns of potential ticket scams and other opportunistic cybercrimes targeting organizers, sponsors, ticketing systems, Paris infrastructure, athletes, and spectators.
Enhanced Preparedness
Despite these threats, the cybersecurity community is better prepared than ever to handle such challenges, ensuring the safety and security of the Paris 2024 Olympics.