Russian cyber operations are largest threat to Olympics, Google warns


Cyber espionage, disruptive operations, information operations, and financial scams – the Paris 2024 Olympics faces numerous cyber threats, and Russia poses the largest of them, Google’s Mandiant warns. Other state-sponsored actors and cybercrime rings are throwing their hats into the ring, too.

Russian threat groups pose the highest cyber threat to the Paris Olympics, with Sandworm (APT44, also known as Frozenbarents) being the most likely Russian threat group to conduct disruptive, destructive, or hybrid operations in addition to intelligence collection, according to the US cybersecurity firm owned by Google.

Researchers base this conclusion on a well-documented track record of Russian gangs targeting past Games.


During Rio 2016, Fancy Bear (APT28) targeted anti-doping officials and compromised sports and anti-doping organizations, while Sandworm leaked athletes’ medical data.

During the Pyeongchang 2018 Winter Games opening ceremony, Sandworm disrupted connectivity using a wiper, conducted credential harvesting at scale, and distributed trojanized mobile applications.

“The activity included credential phishing and distribution of Windows, MacOS, and Android malware. In the Android campaign, APT44 obtained legitimate copies of Android applications popular in South Korea, modified them to add a custom mobile implant, and then published the trojanized apps to the Play Store,” Mandiant said.

Google discovered the Android campaign and has protected users in other APT44 campaigns, such as an attempt to target Ukrainians with a fake webmail app and a domestically focused campaign targeting businesses in Russia.

In 2020, the UK’s National Cyber Security Centre reported Sandworm reconnaissance of Olympic officials and organizations at the Tokyo Games.

“Pro-Russian information operations will pose a frequent, moderate severity threat to the Summer 2024 Olympic Games. We have observed information operations promoting pro-Russia, anti-Ukraine, and anti-Western narratives leveraging the Olympics due to the popularity of the Games,” Mandiant Intelligence assesses “with high confidence.”

Researchers also expect political retribution for France’s pro-Ukraine stance and Russia’s ban from competing at the Games under its flag.

In February 2024, France accused Russia of conducting widespread disinformation campaigns to disrupt the Olympics and upcoming general elections in the EU. Two months later, while opening an Olympic swimming venue, French President Emmanuel Macron accused Russia of conducting an online disinformation campaign undermining the safety and security of the upcoming games.


Several other pro-Russia hacktivist groups pose a viable threat to the Olympics. Those include Anonymous Sudan, Cyber Army of Russia Reborn, NoName057(16), UserSec, and Server Killers.

“Doppelganger” campaign ongoing

Mandiant Intelligence has observed the pro-Russian information operations campaign publicly referred to as “Doppelganger,” exploiting inauthentic domains and social media accounts in English, German, French, and Italian. Doppelganger circulates narratives aligned with Russian strategic interests, including those related to the Russian invasion of Ukraine.

Cybernews reported that pro-Kremlin propaganda even deep-faked Tom Cruise’s voice to undermine the Olympics in a faux documentary.

Mandiant has observed fake articles implying that France was not prepared as a host, framing the French Government as inadequately prepared for the security risks potentially surrounding the Games, and fueling fears of Islamic extremism.


“We judge the threat from pro-Russia hacktivists to be particularly elevated because several of these groups have publicized destructive attacks or data leaks from Russian state-sponsored intrusion activity. Several groups have also demonstrated the ability to disrupt high-profile targets with DDoS attacks,” Mandiant warns.

Other actors join

China, Iran, North Korea, and Belarus also pose moderate to low cyber threats.

China-sponsored groups APT31, APT15, UNC4713, and TEMP.Hex are most likely to target organizations and individuals related to the event, Mandiant suggests.


“High-profile government officials and senior decision makers attending the event will likely be an attractive target for PRC state-sponsored threat actors seeking personally identifiable information, credentials, or other sensitive information to support their national interests. This creates a heightened risk of spearphishing, credential harvesting, and intelligence collection operations.”

However, despite their high capabilities, researchers do not expect China’s gangs to use destructive or disruptive campaigns. They will likely use Olympic-themed narratives to promote pro-China and anti-Western ideologies.


Iranian state-sponsored threats, primarily APT42, operating on behalf of the Islamic Revolutionary Guard Corps, may leverage the Games to support campaigns related to the conflict in Gaza and conduct operations in Israel.

North Korean gangs pose a low threat to the Olympics, but they might conduct financially motivated operations.

There are other financially motivated threats, such as ransomware and extortion cybercrime rings, scammers, and fraudsters.

“The amount of financial transactions conducted at the games will likely be an attractive target for malicious actors seeking profit with minimal effort. Cybercrime will likely be opportunistic in nature,” Mandiant warned.

They suggest expecting ticket scams and lure material related to the Olympics. Cyber threats could realistically impact various targets, ranging from organizers and sponsors, ticketing systems, and Paris infrastructure to athletes and spectators traveling to the event. However, the security community is also better prepared and expects to deal with these cyber threats.
