The Paris Summer Olympic and Paralympic Games will drive a heightened cyber threat against businesses and individuals there
This assessment was issued to clients of Dragonfly’s Security Intelligence & Analysis Service (SIAS) on 05 April 2024.
- We have raised our cyber threat exposure level for France from moderate to high
- Russian state-sponsored groups, as well as hacktivists and cybercriminals, will probably view the event as an attractive target
We assess that businesses and individuals will face a heightened threat of hostile cyber operations around the 2024 Summer Olympic and Paralympic Games in Paris. These are scheduled from 26 July to 8 September. The threats stem from nation-state, hacktivist, and cybercriminal groups. We have raised our cyber threat exposure level for France from moderate to high to reflect this. The Olympics have previously been a target for hostile operations; a Japanese telecommunications firm said it had blocked 450m cybersecurity incidents during the Tokyo Olympics in 2021.
Nation-state cyber operations
We are confident that Russian state-sponsored groups will be motivated to conduct cyber operations ahead of and during the event. Intelligence agencies and cybersecurity firms have blamed Russia for several such incidents in recent years. High-profile examples include:
- The UK government accused Russian intelligence of conducting cyber reconnaissance against officials and organisations ahead of the Tokyo Olympics. It said that targets included ‘organisers, logistics services and sponsors’.
- Microsoft said in 2019 that a Russia-backed group had compromised the networks of some sporting and anti-doping agencies ahead of the 2020 Olympics.
- The US said that Russian intelligence services deployed destructive malware against Olympic IT infrastructure during the opening ceremony of the Pyeongchang Winter Olympics in 2018. This disrupted the website, display monitors, and WiFi. And it said that they targeted attendees, athletes, and South Korean officials with phishing campaigns and malicious mobile apps.
Based on these incidents, there is little doubt that Russia would be the perpetrator of any hostile operations around the Olympics this year. It will probably try to target the Olympics and related organisations for espionage, and to disrupt or destabilise the event. Russia’s previous attempts appeared to be partly in retaliation for its suspension from the Games, which is still in place. And amid the war in Ukraine, we anticipate that Russia will be particularly motivated to undermine France over its support for Kyiv.
Russia is likely to do so by deploying phishing attacks containing malware to compromise the networks of government agencies, event organisers, sponsors, and sporting agencies. Priority targets would likely include event IT infrastructure and official websites. But cybersecurity efforts will probably be able to mitigate any major disruption to the wider event.
There is a reasonable chance of other nation-state groups targeting the event and its sponsors. Iran has previously used cyber operations against organisations in France, but this has appeared to be in retaliation for perceived diplomatic or cultural insults. It conducted a hack-and-leak on French magazine Charlie Hebdo in 2023 after the magazine published cartoons of the Iranian Supreme Leader. But there is no precedent of it targeting international sporting events. And amid the ongoing crisis in the Middle East, we anticipate Tehran will probably prioritise disruptive operations against organisations in Israel and the US over the coming months.
Hacktivist groups likely to mount DDoS campaigns
Pro-Russia and pro-Palestine hacktivist groups are highly likely to mount DDoS attacks around the Olympics. Pro-Russia groups have mounted campaigns around similar high-profile international events and appeared to retaliate against countries that supported restrictions on Russian athletes in recent years. And pro-Palestine groups will probably target the event over French support for Israel and Israeli participation in the Olympics. In recent months, at least one such group has threatened to target the event, though it did not mention specific targets or timings.
Hacktivist groups will probably target the websites of the event, sponsors, and the French government with DDoS and website defacement campaigns. These groups tend to cause only limited disruption to website access.
Some groups appear more capable; in March, the French authorities said that government websites were targeted with DDoS attacks ‘of unprecedented intensity.’ The group Anonymous Sudan claimed responsibility. Hacktivist groups will probably be more successful in disrupting local government or transport sites than official event ones, as the latter will likely have stronger security measures.
Increase in opportunistic cybercrime
Opportunistic cybercrime actors are also likely to target businesses and attendees around the event with online scams. Based on precedent around similar high-profile events, criminal groups tend to use phishing campaigns with enticing subject lines offering discounted tickets or bookings. Such scams have typically been aimed at financial or credential theft. The event organisers have said that cybercriminals are ‘redoubling their efforts’, and have issued guidance on how to avoid spoofed websites and phishing campaigns, such as by checking domain names and only purchasing tickets from the official website.
There is a more than even chance that ransomware groups will view entities linked to the event as particularly attractive targets in the coming months. The director of the French cybersecurity agency reportedly said last year that cybercrime will be more intense around the Olympics, as ransomware groups view related organisations as more likely to pay ransom. And in June 2023, a cybercriminal group claimed responsibility for a ransomware attack on the French Rugby Federation, a few months prior to the Rugby World Cup in France.
High levels of cyber resilience
France appears to be well positioned to mitigate and respond to any cyber operations around the Olympics. The country is preparing for the cyber threat, such as with ransomware simulation exercises. But a cybersecurity official quoted in the French media earlier this year said that the use of subcontractors in organising the Games means that the attack surface is broader and weaker, as the IT networks of these firms can be ‘an easier entry point’ than larger ones. Still, our national cyber resilience risk rating is negligible, meaning the country has the highest levels of national cyber resilience by global standards.
Image: Organising Committee of the 2024 Olympic and Paralympic Games in Paris 2024, on 9 August 2021. Photo by Stephane de Sakutin/AFP via Getty Images.