Cybercriminals Prepare to Attack Paris 2024 Olympic Games

The Olympics, which will begin later this month in Paris, are being targeted by cybercriminals, who have been planning attacks for more than a year. According to a new analysis by FortiGuard Labs, based on threat intelligence provided by FortiRecon, it has detected a significant increase in resources aimed at breaching the security of the event, especially targeting French-speaking users, French government agencies, businesses and infrastructure providers.

FortiGuard Labs has observed an 80% to 90% increase in darknet activity targeting France since the second half of 2023, a trend that has remained steady through the first half of 2024. This growing threat highlights the sophistication and organisation of cybercriminals, who use the darknet as a hub for their malicious activities.

Rise of Malicious Activity on the Darknet

During this period, there has been an increasing availability of advanced tools and services designed to accelerate data breaches and collect personally identifiable information (PII). This data includes full names, dates of birth, government identification numbers, email addresses, phone numbers and residential addresses.

In addition, the sale of French databases containing sensitive PII, the offer of stolen credentials and compromised VPN connections, as well as an increase in advertisements for phishing kits and customised exploit tools for the Paris Olympics have been detected.

Increased Hacktivist Activity

The exclusion of Russia and Belarus from the Paris Olympics has led to increased activity by pro-Russian hacktivist groups such as LulzSec, noname057(16), Cyber Army Russia Reborn, Cyber Dragon and Dragonforce. These groups have explicitly identified the Olympic Games as their main target.

Activity has also been observed from hacktivist groups from other countries and regions, including Anonymous Sudan (Sudan), Gamesia Team (Indonesia), Turk Hack Team (Turkey) and Team Anon Force (India), who seek to disrupt the sporting event and amplify their political messages to a global audience.

Phishing remains one of the most common forms of attack, and cybercriminals have refined their methods through the use of phishing kits that facilitate the creation of convincing emails and malicious payloads. FortiGuard Labs has documented numerous typosquatting domains registered around the Olympic Games, designed to trick users and steal information.

In collaboration with Olympic partners, the French National Gendarmerie has identified 338 fraudulent websites claiming to sell tickets to the Olympic Games, shutting down 51 of them and issuing formal warnings to 140 others.

Olympic-themed lottery scams have also been detected, impersonating major brands such as Coca-Cola, Microsoft, Google and the World Bank. These scams mainly target users in the United States, Japan, Germany, France, Australia, the United Kingdom and Slovakia.

Malware Threats and Information Theft

Information-stealing malware has shown a notable increase in activity, with threat actors deploying various types of malware to infiltrate victims’ devices and steal sensitive data. Raccoon, Lumma and Vidar are the most active programmes in France, stealing passwords, credit card details and other personal data.

In addition to celebrating the athletic spirit, the Paris 2024 Olympic Games are a high-risk target for cyberthreats, attracting the attention of cybercriminals, hacktivists and state-sponsored actors. Cybercriminals are exploiting phishing scams and fraudulent schemes to prey on unsuspecting participants and spectators, while hacktivist groups seek to disrupt the event to amplify their messages on a global stage.