Russia has been banned once again from competing as a country in the Olympics. Though, if gold medals got awarded for cyberattacks, malign influence operations, and persistent mayhem, Russia could sweep the podium.
According to the Paris Olympic Organizing Committee, the recent CrowdStrike global IT outage will have minimal effect on the Olympics’ cybersecurity – a small measure of good news leading up to the games. However, there are many more threat actors than ever before. The world remains embroiled in a war between Ukraine and Russia, the Middle East is consumed with the Israeli-Hamas battle in addition to Hezbollah and Houthi attacks, and China continues to flex its muscles in the South China Sea. This provides the perfect storm for continued Russian disinformation and hostile cyber operations.
On June 5, Mandiant released an overview of the Olympics’ threats. They assessed with high confidence that “…the Paris Olympics faces an elevated risk of cyber threat activity, including cyber espionage, disruptive and destructive operations, financially-motivated activity, hacktivism, and information operations.”
Russian threat groups “pose the highest risk.” Other state actors, such as China, Iran, and North Korea, pose a “moderate to low risk.” However, malicious cyber activity may not pose the greatest risk. A more up-close and personal threat could augment Russia’s disinformation and malign influence capabilities.
The United States Department of Justice issued indictments against seven intelligence officers with GRU, Russia’s Main Intelligence Directorate for their armed forces. When remote access attempts to compromise targeted accounts and individuals failed, a specialized cadre of close access teams would travel to the physical locations.
“Using specialized equipment, and with the remote support of conspirators in Russia…these close access teams hacked computer networks used by victim organizations or their personnel through Wi-Fi connections, including hotel Wi-Fi networks.”
The indictment gives a litany of attacks against the Olympics, including Sochi in 2014 and Rio in 2016, the World Anti-Doping Agency, and more. No one was safe from being targeted, regardless of where they were in the world.
An ongoing campaign of deepfake videos directed at the Paris Olympics, including Tom Cruise and Elon Musk, aims to disparage the leadership of the International Olympics Committee.
France and Paris are banking on a packed turnout, a large volume of ticket sales, and a massive economic impact. The figures touted are more than “15 million visitors” and “an estimated €11 billion (approximately U.S.$12 billion) in economic activity.” Here is where a combination of influence operations, cybercrime activity, and disinformation could cause the most significant economic harm to the games.
One goal of Russia is to drive down attendance at the games by creating an atmosphere of insecurity and the potential for violence. Videos purporting to be Parisians buying extra property insurance in anticipation of terrorism were teamed with news clips suggesting one-quarter of purchased tickets were refunded due to these same fears.
A video was posted by the terrorist group Hamas on X, threatening “rivers of blood flowing through the streets of Paris” as retaliation for allowing Israel into the games. Russia has a long history of meeting and working with Hamas.
A report from the threat intelligence unit at Microsoft highlighted how Russia seeks to use current geopolitical conflict to instill additional terrorism fears. Arguably, the worst example was the use of memories from the 1972 Munich Olympics and the massacre of eleven Israeli athletes and a West German police officer.
With billions of euros flowing through all manner of networks, the opportunity for phishing, fraud, theft, and identity theft is off the charts. Hundreds of fake domains linked to ticket sale sites have been identified and taken down, only to have more sites pop back up.
A host of bad actors will test the efforts to defend and protect the games physically, virtually, and in cyberspace in the next few days. Years of preparation will come down to nineteen days. Let’s hope these efforts keep Russia and criminals off the podium.
SentinelOne Singularity XDR
See how SentinelOne XDR provides end-to-end enterprise visibility, powerful analytics, and automated response across your complete technology stack.