Cyber Attacks targeting the Paris Olympics
Published:
The Olympic Games were hosted in the French capital of Paris between July 26 and August 11, with 204 countries and regions participating, including athletes from active conflict zones such as Ukraine, Israel, Palestine and refugee athletes.
After the Games closed, French authorities announced that more than 140 cyber-attacks had occurred however none that affected the Games’ operations. Around the time of the Games, pro-Russian and pro-Palestinian hacktivist activities were observed promoting their agendas. Pro-Russian hacktivist activity was due to both Russian and Belarus athletes being barred from Olympic team sports by the International Olympic Committee (IOC) due to Russia’s ongoing war with Ukraine. The IOC instead chose to allow individual athletes from these countries to compete as ‘Individual Neutral Athletes’ if approved and could compete as individuals in their respective sport. Naturally, Russia condemned the decision and Palestine also called on the IOC to impose sanctions against Israel, a participating state. Read more in this week’s edition of Cyber Security Insights.
Figure 1: A visual from the fake Documentary “Olympics has fallen”
More than a year before the Olympics began, Russian based groups began a disinformation campaign in attempts to undermine the French government, Olympic games and the IOC. Storm-1679, a Russian disinformation group were allegedly responsible for a deep fake documentary called “Olympics has fallen” (Figure 1) which was released on YouTube in early 2023. The video accused the IOC of corruption, attempted to instill fear in potential attendees, exploited public figures and falsely claimed to be produced by Netflix featuring deepfake audio from actor Tom Cruise. The video was quickly taken down, however was frequently shared on social media platforms such as Telegram. Additional deep fake videos that defamed the Olympics and the IOC also went viral.
Taking the situation seriously, the IOC issued a statement in November 2023 denying the content of the “Olympics has fallen” and claiming that it was part of an organized disinformation campaign. The press and media representatives were advised to confirm authenticity with the IOC before using any material.
Figure 2: Pro-Russian Hacktivists Suggest DDoS Attack on Official Olympic Partners
Figure 3 Pro-Palestinian Hacktivists Suggest a DDoS Attack on Israeli Swimming Association
Pro-Russian and pro-Palestinian hacktivists launched frequent cyber attacks against Olympics-related organizations and private companies in the run-up to and during the Games. Pro-Russian hacker groups launched DDoS attacks against Olympic sponsors and related organizations (Figure 2). Pro-Palestinian hacker groups exposed personal information of Israeli athletes and launched DDoS attacks against Israeli sports organizations (Figure 3).
Additional hacktivist groups also launched cyber attacks against the French Olympic Games website due to the controversial opening ceremony performance which allegedly portrayed a parody of Leonardo da Vinci’s famous painting ‘ The Last Supper’ with groups claiming it was blasphemous.
Fraudulent Olympic websites were created by threat actors
In addition to DDoS attacks, numerous cybercrimes were committed through use of scam websites and video streaming sites that took advantage of the event to defraud individuals of money. This type of activity has become a regular occurrence at other major sporting events. Cyber criminals create fake websites selling tickets and merchandise, stealing credit card information, payments and sensitive information. In some cases the fake websites were created by using the Games logo and by copying legitimate websites in order to mislead the public. Many domains using Olympics-related keywords such as “parisolympics2024 [.] store” and “shop-olympics [.] shop” were acquired and used by the fake websites to rank higher in searches.
A number of fraudulent cryptocurrency coin and token sales using Olympics-related brands were also confirmed. Similar scams appear to be investment fraud and have appeared in the past at large-scale events such as the FIFA World Cup.
Fraudulent activity on streaming sites showing the games
Posts directing people to fraudulent streaming sites are common on social media, especially around the time of major sporting events. Many sites were observed during the Paris Olympics, unsuspecting victims clicking on links in posts were directed scam websites disguised as affiliated to the Olympic Games (Figure 4). If a user accessed the scam site, an account registration screen would appear (Figure 5), requesting credit card information as well as contact information.
Figure 4: A scam Olympic Games streaming service
Figure 5: Scam site requesting registration to access fake streaming service
Ransomware attack at Olympic venues
In preparation for the Paris Olympics, the organizing committee worked with the National Agency for Information Systems and Security (ANSSI) and other French government and military cybersecurity agencies to secure the Games. Strategies were developed to strengthen cyber threat intelligence and protect critical IT infrastructure for around 700 organizations related to hosting the Games.
On August 13, shortly after the Paris Olympics closed, the ANSSI announced that, as a result of its support for the Games’ security measures, there were no attacks that compromised the Games. Between July 26 and August 11, more than 140 cyber attacks were reported. Among the major incidents, the ANSSI recorded 119 low-impact “security events” and 22 incidents where attackers targeted information systems.
Summary
Thanks to stringent security measures, the Paris Olympic Games were largely uneventful. The attacks that did occur did not disrupt the Games, but rather were aimed at capitalizing on the attention given to the Games by spreading disinformation and attempted fraudulent activity. This experience and similar approach will no doubt be referenced for future Olympic Games and other major sporting events and highlights how global events like the Olympics are now high-profile targets for online disinformation and propaganda.
About our Cyber Security Insights
This blog post is part of our The Cyber Security Insights, that are released several times every month, providing invaluable insights into the evolving threat landscape. Crafted by NTT Security Japan Inc. Consulting Services
Department’s OSINT Monitoring Team and NTT Security Sweden’s Incident Response Team, our content includes expert analysis on recent breaches, vulnerabilities, and cyber events. Stay ahead of the curve with our timely updates and actionable intelligence, ensuring your digital assets remain secure in an ever-changing environment.
Sources:
- France 24 “France reports over 140 cyberattacks linked to Olympics”
- The New York Times “I.O.C. Says It Was Target of Elaborate ‘Fake News’ Campaign
- IOC “IOC statement on fake news campaigns targeting the IOC”
- NTT Security Japan “Cyber attacks targeting Paris Olympics”
- BforeAI “2024 Paris Olympic Games Infrastructure Attack Report”
- Trend Micro “Cybercriminals are taking advantage of the 2024 Paris Olympics? ~”
- Yomiuri Shimbun “Card information theft scam site claims to deliver Paris Olympics videos … expert says connect from legitimate site”
- Grand Palais Pressroom “Le GrandPalaisRmn visé par une cyberattaque”
- Sud Ouest “Cyberattaque contre des musées: Grand Palais, Louvre touchés, rançongiciel… Que sait-on à ce stade?”
- Les Echos “La cyberattaque contre les musées français n’a touché que leurs boutiques”
- Infosecurity Magazine “How France is Protecting the 2024 Olympics from Unprecedented Cyber-Attacks”
- France 24 “France reports over 140 cyberattacks linked to Olympics”
Want to know more about how we can help you with your cybersecurity?
Book a meeting with NTT Security experts to learn more about our advisory services and penetration testing. We help you protect sensitive data while ensuring privacy and convenience.