26/06/2024
Paris 2024 Olympic Games: a breeding ground for cyber threats
Beyond the sporting aspect, the Games welcome hundreds of representatives of international delegations and the national committees of nearly 206 countries. Representation and non-representation are a veritable showcase for political demands such as recognition of the state, claims or denunciations of minorities and ideological propaganda.
In recent history, major sports events have been targeted by a variety of threat actors. The Olympic Games are a sounding board for geopolitical and social issues and a perfect example to highlight those cyber threats. Most operations are and will be linked to the current geopolitical landscape:
- Trade sanctions against States,
- Wars and conflicts,
- Decisions by the International Olympic Committee on the participation of athletes in the Games.
Threat actors range from cybercriminals to state-sponsored groups. Regarding the Olympics in Paris, each will use this “opportunity” to conduct either hidden or open operations with different motivations:
- Espionage
- Influence
- Disruption
Cyber operations rooted in a strong geopolitical dimension
Espionage
The Paris Olympics will bring together millions of people, including diplomats, journalists, political exiles and high-profile business figures from all around the world.
Although threat analysis often focuses on the trio of Russia, China and North Korea when it comes to espionage, all states engage in this practice. The methods can differ from one nation to another, but it’s clear that an event like the Olympics will be the perfect occasion to conduct intelligence operations.
United States
The geopolitical climate and bilateral relations are key factors and must be considered. The United States is, for example, known to conduct competitive intelligence actions in key sectors such as industry, defence, luxury and finance, and the Games will act as an amplifier for gathering strategic information.
China
China has often been cited as an example in the sphere of espionage. It is most likely that Chinese intelligence parties and/or state-sponsored actors will look to gain either an advantage in the business sphere or information on people of interest. But these well-known actions, even if they are scaled up by the opportunities the event provides, will have little to no direct impact on the Games.
As 2024 marks the 60th anniversary of China-France diplomatic relations, we must consider in our analysis the current dynamic between the two nations. Both have been adamant about having a relationship outside the cover of the United States. Xi Jinping chose France as the first European country on his European diplomatic tour. It is not in China's interest to openly disturb the Games and harm its current diplomatic standing with France.
Russia
Russia, on the other hand, has every reason to seize this moment, especially with its exclusion from this edition of the Games.
“IOC Executive Board (EB) has recommended that athletes with a Russian or a Belarusian passport cannot be considered […], no flag, anthem, colours and any other identifications whatsoever of these countries displayed at any sport event […], no Russian and Belarusian government or state official can be invited to or accredited for any international sports event” Recommendations from the IOC, March 2023.
France has been one of the voices in Europe against the invasion of Ukraine and the subsequent war. The diplomatic relationship between the two countries is increasingly strained as President Macron has announced multiple military aid packages, including the latest one, which sends combat jets to the Ukrainian army.
Middle East
The same goes for Palestine and Israel. As the war rages on, the claims of both sides could once again play out in cyberspace. France has been an ally of Israel for many years and could face retaliation during the Games from allies of Palestine and/or Iranian proxies.
State-sponsored threat actors could conduct espionage campaigns targeting government bodies and critical infrastructure to gather information. However, those campaigns will most likely not be the primary threat, as those entities will choose to undermine and disrupt the Games.
Influence
“Information operations and warfare, also known as influence operations, include the collection of tactical information about an adversary as well as the dissemination of propaganda in pursuit of a competitive advantage over an opponent.” RAND.
For France, the aim is to deploy its soft power and assert its global position, as the Games are an opportunity to demonstrate its power in the current global geopolitical balance. Indeed, its ability to ensure the safety of participants and spectators from all over the world, to have the infrastructure to host the competitions and to react to a changing international framework is under scrutiny.
As with espionage, any geopolitical action encourages retaliation in cyberspace, particularly destabilisation or disinformation campaigns stemming from states like Russia, China, Iran, Israel, Palestine, and so on, with various levels of sophistication and impact.
France has already denounced identified information operations, mostly coming from Russian-affiliated threat actors.
In February 2024, the French Minister of Foreign Affairs, Stéphane Séjourné, “announced that France has detected a propaganda network called ‘Portal Kombat’. In order to mislead European public opinion, particularly in France, this network, made up of so-called digital information portals, spreads pro-Russian content promoting the Russian invasion in Ukraine and denigrating the Ukrainian authorities. […] France firmly condemns these hostile information manoeuvres. We also repeat that no attempt at manipulation will dissuade France from continuing to support Ukraine in the face of Russia’s war of aggression.”
In May 2024, the Russian Minister of Foreign Affairs was summoned by the French ambassador to reiterate that France condemned current Russian information operations in retaliation for its military and political support to Ukraine. “The Russian Ministry once again reversed responsibilities, accusing Western countries of threatening Russia, although it is Russia that has been waging a war of aggression in Ukraine for more than two years in contempt of international law and pursuing aggressive manoeuvres aimed at destabilising European countries through cyberattacks and hybrid actions.”
In a departure from its usual position on attribution, the French government has been adamant in acknowledging Russia’s actions. The motivations are clear: to change French and European public opinion on the invasion of Ukraine and to undermine France’s position in the international sphere by compromising its image as a powerful nation able to protect its citizens.
Like Russia, Iran will surely continue its campaigns via hacktivists or state-sponsored actors to promote counter-narratives to Western political positions on:
- Israel/Palestine war;
- Nuclear issue: on June 5th 2024, France (alongside Germany and the UK) adopted the resolution of the International Atomic Energy Agency Board of Governors urging Iran to comply with the IAEA controls.
As we stated in our recent election series, it is difficult to establish the impact of information operations on citizens. One thing is for sure: exposing a population to content, even for a short period of time and with the right medium, will have effects, at least on a few people. Repeat operations regularly and, like everything else, results will start to show.
Disruption
As in previous editions, an increase in Advanced Persistent Threat (APT) activity is expected, particularly in campaigns which aim to tamper with systems and undermine the availability of services provided as part of the Games.
Telecommunication infrastructure is sensitive to any disruption (interruption of service, data theft, hijacking of broadcasting). We all remember the attack against TV5 Monde in 2015. The risk of attack will increase because, for cybercriminals with an ideological agenda or a wish to be known, this event constitutes a great platform.
Companies should be aware of the different types of threats, from rogue VPNs set up to capture data to DDoS attacks, as they are prime targets for APT groups.
In 2023, CWATCH Almond identified 139 DDoS attacks in France (according to our database).
Impacts of cybercrime on the French economy
Experts estimate that the Paris Olympic Games could generate almost 10 million euros for the Ile-de-France region (at the high end of the range), particularly in the tourism sector. Over the past year, we’ve seen an exponential increase in the number of shops opening in Paris, particularly on the Champs-Élysées, especially in the luxury and sports sectors. The influx of consumers into physical spaces, beyond e-commerce services, could increase attacks on payment terminals in addition to the other attacks presented in our Retail report, such as DDoS, bot attacks and ransomware.
Numerous groups have announced their sponsorship of these events, making them prime targets for threat actors whether they are opportunistic or hacktivists. They can be targeted by multiple spear-phishing campaigns aimed at service providers and organisers, as well as the events, construction and logistics companies involved.
During this type of event, the consequences of a lack of security will be measured in terms of reputation. At a time when there is already a great deal of media coverage and reports from around the world, the French government must avoid any incident like the ones observed in May 2023 at the Stade de France. That event undermined confidence in France's ability to ensure the safety of spectators.
An attack, whether cyber or physical, could therefore have disastrous consequences. More than the government, it is the French economy that is at stake. Paralysing companies in critical sectors such as aviation, telecommunications, luxury and retail, even for a few minutes, means lost revenue.
The number of cyberattacks against transportation entities is likely to increase in the next few months. The threats remain largely the same as the ones observed today, ransomware being the most disruptive. Russian hacker groups like Killnet targeted transportation companies’ websites in response to European sanctions against Russia in 2022. The main goal was to intimidate and influence geopolitical decisions. With a resurgence of Russian military operations in the summer and a troubled French political landscape, opportunities should emerge and could be costly to the service sector.
Guaranteeing the safety of the population
During this type of event and beforehand, as was the case in the last World Cup in Paris, there is an increase in the volume of phishing campaigns and fraud attempts targeting spectators. Cybercriminals are using techniques to usurp official ticketing sites, either by deleting them or by creating fake pages to mislead spectators. In 2023, the cyber pole of the Gendarmerie had identified 44 illegal sites selling fake tickets. A few weeks before the opening ceremony, those numbers have increased exponentially.
We can also imagine an increase in announcements by criminal groups on forums in search of insiders, as this is a good time to monetise their access (see Almond’s study on Insider Threat).
The health sector will be particularly closely watched. Healthcare establishments, already heavily targeted by ransomware attacks, will be over-mobilised in this context. It is also an opportunity for groups practising the double and triple extortion technique, with the data of millions of people gathered in environments that are too often poorly secured.
Attacks on the confidentiality of players’ health data to discredit a country should also be considered. This can take the form of targeting anti-doping institutes and publishing analysis results, as was the case at the Rio Games in 2016. As a temporary clinic has been created especially for the 2024 Olympic Games to care for athletes, we can imagine that cybercriminal groups will be more than interested in that type of structure.
As we know, attackers look for the weak link to conduct supply chain attacks. To compromise one entity, they will try to compromise the lower-tier ecosystem, which is often less secure (third parties, solution vendors, service providers). That means that critical sectors like energy, water and transport will have to step up their already high level of surveillance of their threat landscape to detect any hint of an attack.
Chloé GREDOIRE
CTI Analyst
Adrien LAVIGNE
CTI Analyst