Cyberactivity surrounding the Winter Olympics.
By Tim Nodar, the CyberWire staff
Feb 4, 2022

Some of the usual suspects may be quiet, not wanting to get on Beijing's bad side, but there are plenty of threats provided by the host country itself.

Russia, Iran, and the DPRK are likely to hold their cyber-fire during the 2022 Games.

Researchers at Recorded Future believe the Winter Olympic Games are unlikely to face the types of state-sponsored disruptive attacks that past Olympics have faced, since Russia, Iran, and North Korea are unwilling to launch such attacks against China, the Washington Post reports. The researchers do expect criminal and hacktivist cyberactivity surrounding the games, although they haven’t seen much discussion about attacks from ransomware actors.

“Recorded Future concludes that Russia, Iran, and North Korea likely lack the motivation to launch disruptive cyberattacks against the 2022 Winter Olympics due to their close geopolitical relationships with China. Instead, Chinese, Russian, Iranian, and North Korean state-sponsored cyber operations are more likely to be conducted according to surveillance and cyber espionage intelligence requirements. 

“We did not observe any notable dark web chatter or statements by ransomware groups expressing intent to target the 2022 Winter Olympics, though we did identify advertisements on dark web markets for the sale of account details related to the volunteer and media portals of the Games. Financially motivated threat actors will almost certainly opportunistically exploit the 2022 Beijing Winter Olympics, particularly with Olympic-themed phishing campaigns, to target a range of victims, including the Games themselves, associated organizations, and individuals attending or engaging with the event. Further, hacktivists will likely target the Games, including corporate sponsors, in response to China’s human rights abuses. Corporate sponsors are already receiving significant online criticism for being associated with the Games being hosted in Beijing.”

But participants are being warned to be wary of the host nation.

As a result, much of the advice from Western governments for their athletes concerns surveillance from China itself. Axios offers a summary of advice offered by the Netherlands, the UK, Canada, Germany, Finland, and Australia. Additionally, the US FBI issued the following advisory on Monday:

“The FBI is warning entities associated with the February 2022 Beijing Winter Olympics and March 2022 Paralympics that cyber actors could use a broad range of cyber activities to disrupt these events. These activities include distributed denial of service (DDoS) attacks, ransomware, malware, social engineering, data theft or leaks, phishing campaigns, disinformation campaigns, or insider threats, and when successful, can block or disrupt the live broadcast of the event, steal or leak sensitive data, or impact public or private digital infrastructure supporting the Olympics. 

“Additionally, the FBI warns Olympic participants and travelers of potential threats associated with mobile applications developed by untrusted vendors. The download and use of applications, including those required to participate or stay in country, could increase the opportunity for cyber actors to steal personal information or install tracking tools, malicious code, or malware. The FBI urges all athletes to keep their personal cell phones at home and use a temporary phone while at the Games. The National Olympic Committees in some Western countries are also advising their athletes to leave personal devices at home or use temporary phones due to cybersecurity concerns at the Games. The FBI to date is not aware of any specific cyber threat against the Olympics, but encourages partners to remain vigilant and maintain best practices in their network and digital environments.”

Last year's National Games of China were hacked.

Researchers at Avast have found that an unknown threat actor gained access to the IT networks of the 2021 National Games of China, which were held last September, the Record reports. The researchers say "it appears the breach was successfully resolved prior to the start of the games," and they aren't sure what the hackers' motivations are. The attackers displayed "high fluency in Chinese," and gained access via a vulnerable web server.

Livestreaming presents the usual issues.

Finally, Daniel Smith, Head of Threat Intelligence at Radware, notes that coverage of the 2022 Games (if perhaps not administration of the Games themselves), like that of last year's Tokyo Olympics, is particularly vulnerable to cyberthreats due to its heavy use of livestreaming technologies to broadcast the events.