FBI TLP White PIN: Potential for Malicious Cyber Activities to Disrupt the 2020 Tokyo Summer Olympics

July 19, 2021

Summary

The FBI is warning entities associated with the Tokyo 2020 Summer Olympics that cyber actors who wish to disrupt the event could use distributed denial of service (DDoS) attacks, ransomware, social engineering, phishing campaigns, or insider threats to block or disrupt live broadcasts of the event, steal and possibly hack and leak or hold hostage sensitive data, or impact public or private digital infrastructure supporting the Olympics. Malicious activity could disrupt multiple functions, including media broadcasting environments, hospitality, transit, ticketing, or security. The FBI to date is not aware of any specific cyber threat against these Olympics, but encourages partners to remain vigilant and maintain best practices in their network and digital environments.

Threat Overview

Large, high-profile events provide an opportunity for criminal and nation-state cyber actors to make money, sow confusion, increase their notoriety, discredit adversaries, and advance ideological goals. The Tokyo 2020 Summer Olympics may attract additional attention from these actors, as they are the first to be viewed solely through broadcast and digital platforms due to the prohibition on in-person spectators. Adversaries could use social engineering and phishing campaigns in the lead-up to the event to obtain access, or use previously obtained access, to implant malware to disrupt affected networks during the event. Social engineering and phishing campaigns continue to provide adversaries with the access needed to carry out such attacks.

For example, the FBI indicted Russian cyber actors for intrusions into computers supporting the 2018 PyeongChang Winter Olympics, which culminated in the 9 February 2018 destructive cyber attack against the Opening Ceremony. Prior to the event, the actors targeted South Korean citizens and officials, Olympic athletes, partners, visitors, and International Olympic Committee officials with spearphishing campaigns and malicious mobile applications. The Russian actors obfuscated the true source of the malware by emulating code used by a North Korean group, creating the potential for misattribution.

Cyber actors could use ransomware or other malicious tools and services available for purchase on the Internet to execute DDoS attacks against Internet service providers and/or television broadcast companies to interrupt service during the Olympics. Similarly, actors could target the networks of hotels, mass transit providers, ticketing services, event security infrastructure or similar Olympics support functions.

Criminal or nation-state actors—with different motivations—could hack and leak or hold for ransom sensitive data stolen from a variety of Olympics or Olympics support entities. In late May 2021, Japanese information technology equipment and service company Fujitsu disclosed a breach that compromised data from several of its corporate and government clients, including the Tokyo 2020 Organizing Committee and the Japanese Ministry of Land, Infrastructure, Transport, and Tourism.

For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:

John Riggi

Senior Advisor for Cybersecurity and Risk, AHA

jriggi@aha.org

(O) +1 202 626 2272