APTs silent ahead of Beijing Games, but money-driven hackers still on the prowl, study finds


Written by Tonya Riley

State-sponsored hacking groups have been unusually quiet ahead of next month’s Olympics in Beijing. Researchers say there’s a big reason for that: no one wants to get on China’s bad side.

“Disruptive Russian, Iranian and North Korean state-sponsored cyberattacks targeting the 2022 Winter Olympics are unlikely to materialize due to the close relationship these countries have with host country China,” write researchers at Recorded Future in a report on potential cybersecurity threats to the Games, published on Wednesday.

Although high-level attacks are unlikely, the Winter Games still present a target-rich environment for nation-state groups that focus on cyber espionage, researchers say. And, as is usually the case with any major international event, cybercriminals will also be looking for opportunities to scam athletes, organizers, volunteers and fans during the Winter Games.

Beware of SIM cards

Advanced Persistent Threat (APT) groups from Iran and Russia, while unlikely to attack China or the Games, will likely use the event as a chance to spy on countries seen as adversaries, according to the researchers.

Chinese state-sponsored hackers, meanwhile, will likely turn to foreign athletes and government officials attending events. Researchers at Recorded Future found surveillance of personal devices by Chinese actors to be “highly likely”.

Potential avenues of surveillance include special mobile SIM cards offered to foreign athletes to bypass China’s firewall and the MY2022 Olympics app that all participants must install.

The MY2022 app collects data including user passports and COVID-19 records. Researchers from the Citizen Lab at the University of Toronto found that the app failed to properly encrypt data transfers, the New York Times first reported. Several nations, including the United States, advised athletes not to bring their personal phones due to the risk of eavesdropping and malware. Many foreign journalists are also using cell phones for the Games.

The apparent lack of state-sponsored activity is a huge departure from previous years, when hackers used the Olympics to exert their power and send a message to adversaries.

The Russian APT known as Fancy Bear has been particularly active in the past. Fancy Bear, also known as APT 28, Sofacy and Strontium, was linked to a historic cyberattack on the 2018 Winter Games in Pyeongchang that disrupted the Games’ opening ceremonies. In 2016, Fancy Bear was accused of stealing and leaking personal and health information from top athletes including Venus and Serena Williams and Simone Biles during the 2016 Summer Olympics in Rio de Janeiro. Ahead of the Tokyo 2020 Summer Games, the group again targeted anti-doping authorities and sports organizations.

The World Anti-Doping Agency, a foundation launched by the International Olympic Committee to monitor and prevent drug use by athletes, has also been a frequent target of Russian hackers, thanks to the organization’s investigations and possible ban of Russia from the Olympic Games for non-compliance with international anti-doping rules.

Follow the money

What Beijing will likely have in common with previous Games is a swarm of financially motivated hackers who hope to take advantage of individuals, stealing their personal data or money. Financially motivated attacks on the Olympics have more than doubled in the past decade, according to Japanese telecommunications company NTT, which reported 450 million “security events” impacting the Tokyo 2020 Games.

Researchers have previously seen web chatter bragging about the alleged sale of information belonging to volunteer candidates for the 2022 Beijing Winter Olympics. Tokyo organizers suffered a similar attack when hackers broke into a Japanese contractor’s data tool that contained information on individuals from 90 different organizations involved in the Games.

Researchers expect to see more financially motivated scams, including phishing campaigns designed to steal user credentials, leading to gambling.
