The Olympic Games will be held in Paris next month and will likely be the focus of multiple types of threat actor who could seek to use the event to further their political agenda, to conduct cyber-crime for financial gain, make controversial and emotive statements or cause destructive and disruptive attacks to services and governments.
The upcoming Olympic Games are being held in Paris between July 26 and August 11, and will likely provide an attractive opportunity for a myriad of cyber threat actors to conduct cyber-attacks not only against France, but also participating countries, associated organisations and other countries currently involved in conflicts across the world.
Among the risks posed to the Olympics include cybercrime, state sponsored threat actors and hacktivism and disruption, as well as physical threats such as terrorism and civil unrest and protests.
High-profile events such as the Olympic Games present an interesting opportunity for state-sponsored threat groups, including advanced persistent threats (APTs) and hacktivists to engage in cyber-espionage, disruption or destructive operations.
This is due to the high number and importance of the attendees, plus the large attack surface available for campaigns.
Key themes for targeting the Olympic Games include NATO membership of the hosting nation, support for countries involved in active conflicts, and participation (or banning) of athletes from key states.
Russia have both motive and intent to interfere with the Olympic Games. France have provided support for Ukraine during Russia’s assault, and the International Olympic Committee have placed a ban on Russian (and Belarusian) athletes representing their home countries, only allowing them to participate as individuals and without a nation flag.
Russian threat groups have been attributed to cyber attacks during previous Olympic Games, including Rio 2016, Pyeongchang 2018 and Tokyo 2020 Games.
Conversely, China have no reported history of engaging with high-profile sporting events, and take great pride in participating in the Olympic Games; traditionally China are very successful. China are also enjoying a stable and professionally friendly relationship with France and their government, which was bolstered by France’s reluctance to boycott the Beijing Games in 2022 when other countries did, due to human rights abuses.
In a similar theme to Russia, Iran are under sanctions upheld by France due to Iran’s Nuclear Program. Additionally, France (and other Western European countries) have provided public and material support to Israel during the conflict with Hamas.
However, due to this ongoing conflict, Iran may be less likely to interfere with the Olympic Games for fear of negative consequences from NATO.
North Korea also enjoy participating in sporting events, which provide a great source of pride for the country, and this is the first Games North Korea are permitted to attend after a ban from the Beijing winter event in 2022, making them less likely to negatively affect the games.
However, their close relationship with Russia could result in proxy or false flag attacks, attempts to attack on behalf of Russia or as a distraction method for Russia actors.
Hacktivist activity around the Olympic Games will likely be prevalent, given the current geopolitical situation across the world. There has been a rise in hacktivist activity in recent years and hacktivists thrive on the publicity they achieve following successful attacks, including DDoS, defacement and larger collaborative campaigns which damage reputations and spread misinformation.
Artificial intelligence is ever-more commonly being merged with traditional cyber-warfare techniques to create more complex and damaging attacks. Influence operations are now combining misinformation with AI to generate content which is entering mainstream media and influencing viewers, often with negative or false information.
This has been seen most recently during election periods across the world, including the UK. As with any high-profile event, phishing and scams will increase with Olympic-themed lures with the aim of stealing credentials, gaining access to emails and accounts, or spreading malware for destructive purposes.
While the Paris Olympic Games are currently the focus of potential threats, this highlights the complexity of the threat landscape, and how relationships between countries and even individuals can shape the dynamic of an event and manipulate the likelihood of an attack being conducted or successful.
Threats such as Nation States, hacktivism and cyber-crime also pose a risk to concurrent events such as the UK General Election and the EU Parliamentary Elections taking place this year.
Reporting
Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).