As the 2024 Paris Olympics, the world’s premier sports event, unfolded with 184 participating countries and 10,500 athletes competing before an audience of nearly 300 million, it also became a focal point for unprecedented international cyberattacks. Over the course of the 17-day event, the massive online presence and high-profile nature of the Games made it a prime target for cybercriminals seeking to exploit vulnerabilities and disrupt the global spectacle.
The French government’s cybersecurity agency, ANSSI, reported a total of 141 cyberattacks during the Games. Of these, 119 were low-impact security events, while 22 involved malicious actors successfully compromising victims’ information systems. The attacks primarily targeted sports events, infrastructure, transportation, telecommunications, and government agencies.
On June 6, Google Cloud noted in its blog that “the security community (was) better prepared for the cyber threats facing the Paris Olympics than it (had) been for previous Games, thanks to insights gained from past events.” Despite this, the report emphasized that the cyber threats were highly sophisticated and complex. It highlighted Russia as a high-risk actor, with China, Iran, and North Korea categorized as medium to low risk. Moreover, the firm detailed that attacks were directed at various elements, including event organizers, sponsors, ticketing systems, Paris’s cyber infrastructure, and both athletes and audience members.
Disinformation
Microsoft released a threat intelligence report revealing that Russian influence actors were actively spreading disinformation to undermine the 2024 Paris Olympics. The goal of these campaigns was to damage the event’s reputation and create safety concerns among the audience, thereby reducing participation.
Researchers from Microsoft and U.S. government officials have identified several Kremlin-linked groups actively involved in spreading disinformation to undermine the 2024 Paris Olympics. Among the most prominent of these groups are Storm-1679 and Storm-1099.
Storm-1679 was particularly active in disseminating misleading content. This group created and circulated fake warning videos that impersonated the U.S. Central Intelligence Agency (CIA) and the French General Directorate for Internal Security (DGSI). These videos were designed to instill fear and uncertainty, aiming to discourage viewers from attending the Olympics. Additionally, Storm-1679 propagated fabricated images of the Munich massacre, a terrorist attack from the 1972 Summer Olympics, to incite fears of similar violence occurring at the Paris Games. They also produced a misleading documentary titled “Olympic Has Fallen,” which featured a deep-faked voice of American actor Tom Cruise. This documentary, falsely claimed to be a Netflix production, criticized the International Olympic Committee (IOC) and promoted a pro-Kremlin narrative.
Another group, Storm-1099, also known as “Doppelganger,” contributed to the disinformation campaign by creating 15 counterfeit French news websites. These fake sites exaggerated allegations of corruption and potential violence related to the Olympics, further spreading disinformation to erode public trust and heighten safety concerns.
These coordinated disinformation efforts were meticulously designed to exploit the high-profile nature of the Olympics and manipulate public perception on a global scale.
Infrastructure: Facilities under attack
On August 6, the Grand Palais in Paris, which hosted fencing and taekwondo events, was hit by a ransomware attack, according to the Paris prosecutor’s office. Additionally, over 40 museums across France, including those managed by the French national museum organization RMN, were targeted. The attackers demanded a ransom and threatened to release the victims’ data within 48 hours. However, RMN has not confirmed the ransom demand and found no evidence of a data breach. The organization also reported that the Olympic events were not disrupted.
Data leak: Personal data at risk
In its website, South Korean data intelligence company S2W reported discovering a leak of Olympic-related information on the dark web and Telegram.
S2W found that the Islamic hacktivist group “LulzSec Muslims” had hacked into the Olympic website, compromising approximately 3,000 personal data records. The group announced the successful breach on its Telegram channel on July 31, stating that the attack was motivated by religious reasons and support for Palestine, and targeted France due to its support of Israel.
Additionally, on August 7, a threat actor known as “RestarterMan” on a Russian dark web hacking forum released about 30 download links to over 50GB of files leaked from the Polish anti-doping agency. The hacker claimed that the data exposed evidence of illegal drug use by European Union athletes, particularly Ukrainian and Polish competitors. The leak is suspected to be a retaliatory act in response to Russia’s Olympic ban, according to the company.
Precedents: 2020 Tokyo, 2018 Pyeongchang
The Olympics have long been a prime target for cyber threats. The 2020 Tokyo Olympics, for instance, saw Nippon Telegraph and Telephone Corporation (NTT), which managed the event’s network, report an astonishing 450 million cyberattacks. Similarly, the 2018 Pyeongchang Winter Olympics and the 2016 Rio Summer Olympics also experienced significant international cyberattacks.
On February 9, 2018, during the opening ceremony of the Pyeongchang Winter Olympics, a major hacking incident paralyzed nearly 300 computers at the Pyeongchang Organizing Committee, disrupting ticket printing and Wi-Fi access at the stadium. Hackers also targeted foreign organizations and individuals associated with the Games.
Further scrutiny revealed on October 19, 2020, by the U.S. Department of Justice (DOJ) and the United Kingdom Foreign, Commonwealth & Development Office (FCDO), that Russia’s military intelligence service, the GRU, was responsible for the cyberattacks during the Pyeongchang Olympics. The GRU also conducted cyber reconnaissance against the 2020 Tokyo Olympics and Paralympics.
