The Federal Bureau of Investigation (FBI) warned that cyber threat criminals ‘could disrupt’ February 2022 Beijing Winter Olympics and March 2022 Paralympics. The threat, however, is yet to be revealed.
“The FBI to date is not aware of any specific cyber threat against the Olympics, but encourages partners to remain vigilant and maintain best practices in their network and digital environments,” the US security service said in a private industry notification (PIN).
According to FBI, as explained in the TLP, that the nature of the threats could include, distributed denial of service (DDoS) attacks, ransomware, malware, social engineering, data theft or leaks, phishing campaigns, disinformation campaigns, or insider threats.
If successful it can “block or disrupt the live broadcast of the event, steal or leak sensitive data, or impact public or private digital infrastructure supporting the Olympics.”
The major aim of these attacks would likely be “make money, sow confusion, increase their notoriety, discredit adversaries, and advance ideological goals.”
A similar warning was issued last year, concerning potential cyberattacks at Tokyo Olympics, which was the first to be transmitted through Television broadcast and digital platforms due to Covid-19 restrictions.
The Tokyo 2020 Organizing Committee in late May 2021 faced a data breach, before the competition started, after Fujitsu, a Japanese technology company revealed an attack struck data belonging to the government clients, like the Tokyo 2020 Organizing Committee and the Japanese Ministry of Land, Infrastructure, Transport, and Tourism.
Also, a Citizen Lab report reveals that the official app for the Beijing 2022 Winter Olympics — My 2022 — “has a simple but devastating flaw where encryption protecting users’ voice audio and file transfers can be trivially sidestepped.”
It further pointed out that “Health customs forms which transmit passport details, demographic information, and medical and travel history are also vulnerable. Server responses can also be spoofed, allowing an attacker to display fake instructions to users.”