Russia Aims Cyber Operations at Summer Olympics
As always, Russian APTs are hoping to foment unrest by stoking existing societal divides and fears, this time around the Olympics and EU politics. Concerns also remain around physical disruption.
June 3, 2024
Two Russian state-aligned threat actors have been carrying out online influence operations designed to undermine the upcoming Olympic Games in Paris.
For a year now, Storm-1679 and the recently disrupted Storm-1099 (aka "Doppelganger") have been spreading fake news, doctored images, and artificial intelligence (AI)-aided videos about the Olympics on social media. According to a Microsoft report this week, the goal seems to be twofold: harm the reputation of the International Olympic Committee (IOC) (which has banned Russia in the past), and stoke fears around potential violence at the Summer Games.
Time will tell whether these operations are a precursor to more direct cyberattacks during the Games themselves.
Russia vs. the Olympics
Russia's influence campaigns against the 2024 Olympics began with a bang.
Last June, Storm-1679 published to Telegram a full feature-length movie titled "Olympics Has Fallen," a play on the popular 2013 blockbuster "Olympus Has Fallen." It came with all the bells and whistles: a fake Netflix intro, fake five-star reviews from major US newspapers, slick special effects, and narration from an AI-generated voice resembling Tom Cruise. The group spread its masterpiece on social media, even commissioning celebrities on Cameo to unwittingly help promote it.
In the months since, Storm-1679 has developed as an auteur with videos pretending to come from the CIA, France's General Directorate for Internal Security (DGSI), French broadcaster France24, and the Belgium-based Euro News. All of these videos carried the same theme: warning viewers about terrorist threats to the Summer Games, in one creative way or another.
In comparison, Storm-1099 has taken a relatively more straightforward approach to fake Olympics-themed content. Particularly in the last couple of months, the group has been using 15 French-language fake news websites to spread rumors about corruption in the IOC, fears about purported violence to come in July, and criticisms of French president Emmanuel Macron.
Concerns About Physical Attacks on Paris Olympics
Russia's recent history with the Olympics has not been defined by sporting achievement and medals.
Besides a highly publicized doping scandal, it's best known for sponsoring a major cyberattack during the 2018 Winter Games in PyeongChang, South Korea. That attack, dubbed Olympic Destroyer, temporarily disabled IT systems — including Wi-Fi at the stadium, IOC worker monitors, and the event's ticketing website — during the opening ceremony to the events, and was cleverly designed to pin the blame on North Korea's Lazarus group.
So while influence operations have their place in defenders' thoughts, "the first and largest fear on everyone's mind would be that attackers stop the Games — that they interfere with critical infrastructure such as power or networking, which prevent events from executing or from being watched," says Sean McNee, head of research for DomainTools.
"The unique nature of the Olympic IT infrastructure increases its vulnerability, offering an extensive and unique surface area to attack," he notes. For this reason, securing the Games will require immense international coordination and planning, with an emphasis on physical security and on training staff for potential cyberattack scenarios.
"The Games will need a fully operational security operations center (SOC) with trained personnel to monitor for possible attacks. Because they only happen every four years, the staff will need to be ready for the unexpected, as the attack and defense landscape has changed dramatically since the last Games," he warns.