For months, government officials in Paris have warned that they expect an unprecedented wave of cyberattacks during the upcoming Olympic Games. Now, with the 2024 Olympic Games in Paris rapidly approaching and scheduled to begin on July 26, all eyes are on security.
The French Cybersecurity Agency (ANSSI), working with national and international partners and cybersecurity companies, has been training to detect, respond to, and shut down threats in the digital space.
But bad actors and international cybercriminal gangs aren’t waiting for the Olympic torch to light up before initiating their cyber warfare. Reports from Google and Microsoft reveal that attacks have already begun, and the worst is yet to come.
Mandiant identifies top nation-state threats and main Olympic targets
On June 5, Google Threat Intelligence released an assessment from Mandiant, the cybersecurity firm and Google subsidiary. The assessment found that the Paris Olympics face an elevated risk of cyber threat activity.
Mandiant says that the Games create opportunities for a range of cyber threat actors to pursue profit, notoriety, and intelligence. The biggest threat? Russian groups.
“Mandiant assesses with high confidence that Russian threat groups pose the highest risk to the Olympics,” Mandiant said. “While China, Iran, and North Korea state-sponsored actors also pose a moderate to low risk.”
For cyberespionage groups, the Olympics are an opportunity to breach and compromise as many high-level systems and individuals as possible, especially considering that world leaders and government representatives are expected to attend the event.
Groups looking to sow chaos for political reasons see the Olympics as the perfect stage to unleash wipers, DDoS, and attacks on Paris infrastructure.
Tourists attending the event are also prime targets for financially motivated bad actors. Event fraud schemes, such as ticket and QR money scams and large-scale phishing, are expected to play out, impacting those who attend.
Olympic targets include:
- The International Olympic Committee (IOC)
- Athletes, country teams, and support staff
- Olympics-related entities
- Physical infrastructure linked to the Games
- Paris infrastructure
- Payment and ticketing systems
- High-profile individuals traveling to Paris
- Tourists
Russian attacks are already taking place on the ground
With a long history of attempting to disrupt the Olympics, Russian-linked cyber threat groups have already begun malicious campaigns in Paris. But the new Olympic Games face a new disruptive technology that augments attacks: AI.
On June 2, the Microsoft Threat Analysis Center (MTAC) reported that Russia is ramping up fake news and disinformation campaigns. These campaigns have targeted France, French President Emmanuel Macron (who recently called for unexpected elections), the International Olympic Committee (IOC), and the Games in Paris.
MTAC says that these attacks are combining “old tactics” with AI, and they have the potential to intensify incidents. According to MTAC, Russian threat groups have 2 goals. The first is to attack the reputation of the IOC. The second is to fuel the expectation of violence and protests in Paris before and during the Olympics.
A perfect storm descends on Paris
MTAC has identified the groups behind the AI-driven misinformation campaigns as Storm-1679 and Storm-1099. These groups have shifted their focus, operations, and rich resources and infrastructure to target the Olympics. Their efforts began in June 2023 and are growing day by day.
“Olympics Has Fallen”: A deepfake AI documentary
In June 2023, Storm-1679 released a fake documentary that featured a deepfake of Tom Cruise. The documentary was first distributed through Telegram and later spread online.
“The use of slick computer-generated special effects and a broad marketing campaign, including faked endorsements from Western media outlets and celebrities, indicates a significant increase in skill and effort compared to most Influence Operations (IO) campaigns,” Microsoft said.
Storm-1679 wants to spread public fear and sabotage tourist attendance. The group has consistently produced “a collection of deceptive videos that depict the expectation of violence at the Games.”
Fake AI-driven Storm-1679 content includes:
- A fake video impersonating Brussels-based media outlet Euro News claiming Parisians were buying property insurance in anticipation of terrorism at the Games
- A fake video impersonating the French broadcaster France24 claiming that 24% of tickets for the Games had been returned due to fears of terrorism
- Fake videos impersonating the American Central Intelligence Agency (CIA) and the French General Directorate for Internal Security (DGSI) that warned attendees to stay away from the Paris 2024 Olympics due to the alleged risk of a terror attack
Threats from cyberspace spill over into the streets of Paris
The group also leveraged the Israel-Hamas conflict to fabricate Olympic threats. Additionally, disinformation campaigns have spilled from cyberspace into the streets of Paris, as bad actors turn to graffiti to threaten violence. Some graffiti has been linked to the French support of Ukraine. Other graffiti has been associated with the threat of terror attacks.
But not all the graffiti on Paris streets is “real.” Microsoft identified online images of graffiti in Paris that were digitally generated and “unlikely to exist at the physical location.”
Russian groups are throwing all the new tech they have against the Olympics, turning to AI for content creation and using automated social media bots to spread the fake news.
Storm-1679 isn’t the only Russian threat group hitting Paris. The Russia-affiliated actor that Microsoft tracks as Storm-1099 (also known as “Doppelganger”) has also shown up to play hard. In recent months, the group has disseminated fake anti-Olympics narratives.
Storm-1679 has created 15 unique French-language “news” sites, including its core disinformation outlet Reliable Recent News (RRN), and uses them to spread fake news. Key topics include IOC corruption and the claim that violence and protests will inevitably unfold in Paris soon. Storm-1679 has also created forgeries of the French outlets Le Parisien and Le Point, going after President Macron and his government.
Fake narratives may be a decoy
It is clear that the intention of the Russian actors is to be the spark that lights up real-world protests to trigger violence and chaos. However, fake news campaigns can also be a distraction from larger cyberattacks at play.
As cybersecurity specialists in Paris focus on these widespread fake news campaigns, they are spending resources (time and manpower). The real threat is that they might lose focus on bigger dangers at hand.
Distraction attacks are very common among nation-state groups and sophisticated cybercriminals. For example, DDoS attacks are often used as decoys to lure security teams into focusing on certain incidents without noticing they are being breached behind their backs.
Russia has a decades-long history of targeting the Olympic Games. Its attacks include:
- 2016 Rio Olympics: APT28 targeted and compromised anti-doping officials while APT44 leaked athlete medical data.
- 2018 Pyeongchang Olympics: APT44 conducted credential harvesting and distributed trojanized mobile applications. They also deployed wipers to disrupt connectivity during the opening ceremony.
- 2020 Tokyo Olympics: APT44 targeted Olympic officials and organizations.
China, Iran, North Korea, and hacktivists who have skin in the Games
Mandiant Intelligence also found with “moderate confidence” that bad actors from China, Iran, and North Korea pose a risk to the 2024 Olympics.
Chinese groups APT31, APT15, UNC4713, and TEMP.Hex were identified as the most likely to go after organizations, governments, civil societies, NGOs, and individuals in Europe. The goal of these groups has been linked mostly to cyber espionage. Mandiant says they will seek personally identifiable information (PII), credentials, and sensitive information that could support Chinese agendas. Spear-phishing, credential harvesting, and intelligence collection operations are the most likely.
In contrast, Iranian state-sponsored threat actors, mostly linked to APT42, might leverage the Olympics, given the Middle East tensions caused by the Hamas-Israel armed conflict.
Mandiant Intelligence added that North Korean threat actors might “leverage information surrounding the Games as lure material for financially motivated operations or potentially as material for social engineering campaigns to build rapport with targets.”
Additionally, hacktivists linked to Russia, the Middle East, and other regions might be particularly interested in the Olympics due to their large platform potential. Anonymous Sudan, Cyber Army of Russia Reborn, NoName057(16), UserSec, and Server Killers are all groups being tracked by security specialists.
The bottom line
The upcoming Paris Olympics are under a digital siege, with a wave of cyberattacks ranging from sophisticated disinformation campaigns using AI-generated content to potential breaches of critical infrastructure. While French authorities are actively working to counter these threats, the coming weeks will be a critical test of their preparedness.
It is critical that the focus on disinformation campaigns doesn’t overshadow the possibility of more disruptive cyberattacks. Hackers could target ticketing systems, disrupt competition operations, or even unleash data breaches that expose sensitive information.
Overall, the international community must stand together to defend the integrity of the Olympic Games. Collaboration between governments, cybersecurity firms, and the International Olympic Committee is crucial to ensure a safe and secure event for athletes, spectators, and all participants.