FBI: Threat actors may be targeting the 2020 Tokyo Summer Olympics

Image: Ryunosuke Kikuno

The Federal Bureau of Investigation (FBI) warns of threat actors potentially targeting the upcoming Olympic Games, although evidence of attacks planned against the Olympic Games Tokyo 2020 is yet to be uncovered.

“The FBI to date is not aware of any specific cyber threat against these Olympics, but encourages partners to remain vigilant and maintain best practices in their network and digital environments,” the US intelligence service said in a private industry notification issued on Monday.

As the FBI explains, attacks coordinated by criminal or nation-state threat actors targeting the Tokyo 2020 Summer Olympics could involve distributed denial of service (DDoS) attacks, ransomware, social engineering, phishing campaigns, or insider threats.

Such attacks could disrupt or even block live broadcasts of the event, exfiltrate sensitive data before encrypting or after hacking into IT systems, or impact digital infrastructure supporting the Olympics.

The attackers’ end goal would likely be to “make money, sow confusion, increase their notoriety, discredit adversaries, and advance ideological goals.”

This year’s Summer Olympics come with an increased potential to attract additional attention from malicious actors, given that they are the first to be viewed exclusively via digital platforms or TV broadcast, as required by COVID-19 pandemic restrictions.

On at least one occasion, data belonging to the Tokyo 2020 Organizing Committee was already compromised this year.

“In late May 2021, Japanese information technology equipment and service company Fujitsu disclosed a breach that compromised data from several of its corporate and government clients, including the Tokyo 2020 Organizing Committee and the Japanese Ministry of Land, Infrastructure, Transport, and Tourism,” the FBI said.

Tokyo 2020 Summer Olympics already used as phishing lures

In December 2019, Tokyo 2020 Summer Olympics staff already issued warnings alerting of phishing campaigns impersonating the Tokyo Organizing Committee of the Olympic and Paralympic Games (Tokyo 2020).

That was not the first time attackers have targeted the Tokyo 2020 Olympics, as both American and Japanese recipients were being picked as potential targets of a phishing campaign in September 2019.

According to a KYODO NEWS report, the attacks were uncovered by threat intelligence outfit Antuit while monitoring a hacker group in discussions on the dark web.

“Looking at their dialogue, there is a high possibility that the hacking group is of Chinese origin,” Antuit’s Japanese branch VP Shuhei Igarashi said.

Olympics directly targeted before

Last year, the US Department of Justice charged six Russian Main Intelligence Directorate (GRU) intelligence operatives believed to be part of the Russian-backed hacking group known as Sandworm for hacking operations targeting the Pyeongchang Winter Olympics.

Between December 2017 through February 2018, they coordinated spear-phishing campaigns and developed malicious mobile applications targeting South Korean citizens and officials, Olympic athletes, partners, visitors, and International Olympic Committee (IOC) officials.

They were also indicted for hacking into computers supporting the 2018 PyeongChang Winter Olympic Games, culminating with the February 2018 destructive malware attack against the Olympics opening ceremony, using malware known as Olympic Destroyer.

“The Russian actors obfuscated the true source of the malware by emulating code used by a North Korean group, creating the potential for misattribution,” the FBI said.

The direct result of this destructive attack was failing Internet and television systems used by on-site journalists reporting the opening ceremony.

In light of these previous incidents, the FBI suggests “reviewing or establishing security policies, user agreements, and patching plans to address current threats posed by malicious cyber actors.”

The US security service also shared a list of best practices that would mitigate or even block potential attacks against 2020 Tokyo Summer Olympics’ officials or IT infrastructure.