Paris Olympics fertile ground for nation-state hackers, researchers warn
This summer’s Olympic Games in Paris could be an attractive target for hackers from Russia, China and Iran pursuing political goals, researchers are warning.
Observers are already seeing an increase in influence campaigns ahead of the games — primarily conducted by Russia — but also foresee other sorts of activity, including espionage, ransomware and, with less likelihood, disruptive operations.
Given the significance of the event and its international reach, the attacks could pose a threat both to France and its allies, as hackers may attempt to gather information about targets of interest and amplify narratives critical of France, NATO and Israel, according to a report from Recorded Future’s Insikt Group. The Record is an editorially independent unit of Recorded Future.
Russia is more motivated than any other country to launch cyberattacks during the summer Olympics, researchers say. In fact, Russia has a longstanding tradition of seeking to undermine the competition, and this year the Kremlin has even more reason to be angry.
After Moscow invaded Ukraine, the International Olympic Committee decided that Russian and Belarusian athletes could only compete in the Paris Games under the status of “individual neutral athletes,” rather than representing their home countries.
“If they cannot participate in or win the Games, then they [Russians] seek to undercut, defame, and degrade the international competition in the minds of participants, spectators, and global audiences,” Microsoft said in another recent report about digital threats to the Paris Olympics.
Influence operations
State actors are spreading disinformation about the Paris Olympic Games as part of their ongoing influence operations, mostly to further geopolitical aims, Recorded Future said.
Russia is especially active on this front and will only ramp up its campaigns as the opening ceremony approaches, Microsoft predicts.
The company is tracking several prolific Russian actors conducting influence campaigns — Storm-1679 and Storm-1099 — which it says are pursuing two major objectives: to spoil the games and France's reputation, and to create the expectation of violence breaking out in Paris during the event.
In one of its campaigns, Storm-1679 created a fake Netflix documentary called “Olympics Has Fallen,” featuring an AI-generated voice impersonating actor Tom Cruise. The hackers promoted the movie — a play on the real 2013 film “Olympus Has Fallen” — by writing bogus five-star reviews from reputable media outlets like the New York Times, the Washington Post, and the BBC.
Spoofing media outlets is a common tactic among Russian actors. Microsoft detected several instances where they disguised their propaganda about the Olympics as news clips from well-known media outlets, including France24 and Brussels-based Euronews.
Espionage vs disruptive attacks
As of now, Recorded Future researchers said they are not aware of any "imminent, planned, or ongoing" state-sponsored destructive or espionage campaigns linked to known state-sponsored groups targeting the Olympics, its organizers, or sponsors. However, they do not rule out the possibility of such attacks.
Destructive operations are less likely than spying attempts. Any "destructive or disruptive attacks are likely to be moderated by a 2022 NATO declaration that cyberattacks against a member state could be eligible for triggering the Article 5 collective security clause of the NATO charter," they said.
The Kremlin, however, has the option of relying on Russian cybercriminals or pro-Russia hacktivists to disrupt the Olympics while maintaining plausible deniability. Among the state-sponsored Russian groups most likely to be tasked with traditional cyber-espionage or hack-and-leak operations, researchers mention BlueBravo and Turla, while Sandworm and Fancy Bear could be engaged in disruptive operations.
China and Iran have not previously been involved in major hacks against the Olympics or other sporting events. However, their state hackers could engage in some level of opportunistic cyber-espionage operations against select attendees or Olympics-affiliated organizations, researchers say.
Ransomware operations
Big sporting events like the Olympics could be “an ideal opportunity for financially motivated cybercriminals to commit ransomware attacks,” Recorded Future said.
Companies involved in the event will be under significant pressure to maintain uninterrupted service and will be less willing to tolerate any downtime of core infrastructure that could disrupt proceedings and damage reputations.
Ransomware actors could use this to their advantage to extort high ransom payments from local businesses.
Researchers suggest that hackers will most likely direct their attacks at organizations supporting the Olympics rather than the event organizers. Sectors such as transportation and logistics, hospitality, and public services will be the most vulnerable to financially motivated attacks, according to researchers, as Paris is preparing to welcome an expected 15 million tourists.
“The level of disruption to the Paris Olympics will almost certainly vary based on the critical role played by the targeted organization, and there is almost no chance of a complete halt of the Paris Olympics due to a single intrusion or a large and coordinated campaign,” Recorded Future said.
Daryna Antoniuk is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.