Live Updates: Tokyo 2020 Olympics Cyber Threats and Attacks
Threat Actors • Jul 24, 2021
We use cookies to improve your experience. Do you accept?
Threat Actors • Jul 24, 2021
Tokyo Olympics, a major sporting event in the world, is on the radar of cybercriminals. Cyware has created this resource to collect and share live alerts regarding any cyber incidents and threats related to this event, including reported malware attacks, vulnerability exploits, threat actor activities, indicators of compromise (IOCs), and other relevant threat intelligence. We are actively working to keep this page updated and accurate in order to ensure that it is timely and relevant to as many people as possible.
****_****_****_****_********____
(Aug 18, 2021)
On July 19, just before the opening of the Tokyo Olympics, Trend Micro confirmed a case where a web page disguised as a TV broadcast schedule for the Tokyo Olympics was directed to a suspicious sports broadcast site. Now it has been revealed that a fake page that leads to a suspicious sports broadcasting site of the same type has been confirmed by web search.
Ref - Trend Micro
****_****_****_****_********____
(Aug 12, 2021)
During the first week of the Olympic Games, Imperva Research Labs monitored a significant spike in search engine impersonators. Incoming traffic to sporting sites saw an unusual 48% increase in Yahoo impersonators, 66% increase in Baidu impersonators, and 88% increase in Google impersonators.
Ref - Imperva
****_****_****_****_********____
(Aug 6, 2021)
As well as looking to steal personal data, which is primarily perpetrated by those motivated by financial gain, high-profile events such as the Olympics are tempting targets for groups and individuals with political aims, including nation-state actors. Given the scale of cyber-threats facing individuals, teams, and the running of high-profile events, it is clear that organizers have a responsibility to ensure they have the most robust possible cybersecurity in place.
Ref - Infosecurity Magazine
****_****_****_****_********____
(Aug 6, 2021)
According to a study by Dr. Tatsuya Mori, a specialist in information security at the University of Waseda in Tokyo, there are today 1,753 domain names using terms related to the Olympics, such as “Tokyo,” “2020,” and “Olympics.” Among these 1,753 domain names, 148 will be used to deploy fake websites for popular topics like merch sales and ticket refunds. The goal of these cybercriminals is to steal personal information to sell on the black market.
Ref - Gandi
****_****_****_****_********____
(Aug 4, 2021)
Cyberattacks and scams targeting the Tokyo Olympic-related events have peaked as the fever of the largest sporting competition grips the entire world. Besides reports of attacks and data breaches associated with the Olympic events, cyber scams targeting common sports enthusiasts have also been reported. The website 'olympictickets2020[.]com' is one dubious portal identified by security researchers that was allegedly used by scammers to sell fake tickets.
Ref - India Today
****_****_****_****_********____
(Aug 3, 2021)
The latest research from NordPass shows that people are creating passwords based on Olympic events and athletes despite warnings from cybersecurity experts not to use simple or weak passwords. Among the sporting events themselves, "football" scores the top goal by being used as a password more than 5.8 million times, according to NordPass' analysis.
Ref - TechRepublic
****_****_****_****_********____
(Aug 4, 2021)
Cyberattacks and scams targeting the Tokyo Olympic-related events have peaked as the fever of the largest sporting competition grips the entire world. Besides reports of attacks and data breaches associated with the Olympic events, cyber scams targeting common sports enthusiasts have also been reported. The website 'olympictickets2020[.]com' is one dubious portal identified by security researchers that was allegedly used by scammers to sell fake tickets.
Ref - India Today
****_****_****_****_********____
(Aug 3, 2021)
The latest research from NordPass shows that people are creating passwords based on Olympic events and athletes despite warnings from cybersecurity experts not to use simple or weak passwords. Among the sporting events themselves, "football" scores the top goal by being used as a password more than 5.8 million times, according to NordPass' analysis.
Ref - TechRepublic
****_****_****_****_********____
(Aug 2, 2021)
Attacking sporting events can be very lucrative for hackers whether they are looking for money or personal information. The millions of people present at the event are access points to the organizer’s information system. There are several types of attacks frequently used, including infiltration of sports sites and their information systems, scams linked to the tickets, theft, and disclosure of athletes’ personal data, and theft of personal information of visitors.
Ref - Security Boulevard
****_****_****_****_********____
(Aug 2, 2021)
Geopolitical unrest plays a major role in bad actor activity, and the CTA report notes that nation-state actors pose the highest threat to the games. From the host country to the games committee, sponsors, and even individual competing nations and athletes, keeping a strong cybersecurity posture is vital.
Ref - NetScout
****_****_****_****_********____
(July 28, 2021)
Measurable cyber-attacks and hacks surrounding The Olympics did not truly get rolling until 2008 in Beijing. However, the Olympic games have traditionally been quite the target for malicious acts of all kinds, dating back years. 2000 Sydney Olympics, also referred to as “The Internet Olympics” was the first major Olympics event where organizers braced for hacking-related impact.
Ref - Malwarebytes
****_****_****_****_********____
(July 28, 2021)
Experts have discovered a website selling a virtual currency that claims to be for a support fund for the Olympic athletes. This is an attempt to help athletes in need but there is no official Olympic token, which means the scammer is the only one who benefits. This is one of the many ways Kaspersky’s analysis found scammers to be taking advantage of the Olympic’s popularity.
Ref - CEPro
****_****_****_****_********____
(July 28, 2021)
Login credentials of Tokyo Olympics ticket buyers were reportedly leaked on the internet. Similarly, account credentials of Tokyo Paralympics ticket purchasers and the volunteers of the Summer Games have been leaked. The official attributed the data leak to unauthorized access of computers or smartphones.
Ref - CPO Magazine
****_****_****_****_********____
(July 28, 2021)
With the current, no spectator rule, hackers, Russian-sponsored or otherwise, will have to turn to other methods to target Tokyo Olympics games. Ransomware tops the list of threats, and indeed, the Japanese Olympic Committee revealed recently it was hit by a ransomware attack in April and that it had not paid a ransom and replaced all infected computers. A phishing attack involving a PDF in Japanese was sent to event organizers in an attempt to lure them to malware-infected ads, which could disrupt their communications.
Ref - Standard-Examiner
****_****_****_****_********____
(July 27, 2021)
In what is the biggest cybersecurity blunder of the Tokyo Olympics, an Italian TV announcer did not realize he was on air when he asked for the password for his computer. He asked during the broadcast of the Turkey-China volleyball game, apparently not realizing he was still on air. A colleague of the announcer can be heard in the background saying the password depends on the Olympics organizers and asking the announcer if it's on a paper or post it close-by.
Ref - Vice
****_****_****_****_********____
(July 27, 2021)
The Olympics could be targeted by any number of possible attacks, including distributed denial of service (DDoS) attacks, ransomware, social engineering, phishing campaigns, or insider threats. To overcome these threats, Japan trained 220 “ethical hackers” earlier this year in hopes to create a more cyber-secure Tokyo 2020.
Ref - Tech Wire Asia
****_****_****_****_********____
(July 26, 2021)
FortiGuard Labs has observed new threat samples targeting the 2021 Tokyo Olympic games. It includes a wiper component, which, if successful, could cause a disruption to targeted machines. The malware was uploaded to a publicly available file repository on July 20th, 2021. A related file was subsequently found to have been uploaded to the same repository on July 17th, 2021. Both files have a PDF icon.
Ref - Fortinet
****_****_****_****_********____
(July 26, 2021)
Dozens of Israeli cybersecurity companies are among those securing the Olympic Games in Tokyo, which is exposed to vast possibilities of cyberattacks. There could be DDOS denial of service attacks that hit a network with tons of traffic in order to knock it offline. Media broadcasting stations could be targeted, or attackers could hit critical infrastructure, like lighting, electricity, and water to cause a major disruption. It depends on the motivation of the group that is attacking.
Ref - The Jerusalem Post
****_****_****_****_********____
(July 25, 2021)
Operation Olympic Games has demonstrated the alluring potential of using cyber means to conduct sabotage and network exploitation tasks. Nevertheless, the Olympic Games also illustrated vividly the paradox of strategy—that any new tactics or technology used will lose its element of surprise after first use. The opponent will learn, adapt, and develop ways and technology to counter it, and may even conduct their own sophisticated and more devastating counter-offensives.
Ref - National Interest
****_****_****_****_********____
(July 24, 2021)
A malicious code was detected, specifically designed to target Japanese PCs, and was detected ahead of the opening ceremony of the 2021 Tokyo Olympics. The malware targets files created with the Ichitaro Japanese word processor. It was designed to wipe certain file types (DOTM, DOTX, PDF, CSV, XLS, XLSX, XLSM, PPT, PPTX, PPTM, JTDC, JTTC, JTD, JTT, TXT, EXE, LOG) in the user’s personal Windows folder.
Ref - Security Affairs
****_****_****_****_********____
(July 23, 2021)
With the opening ceremony of the Tokyo Olympics approaching, malicious software and websites have targeted both event organizers and ordinary fans. A fake PDF file masquerades as a Japanese-language report on Olympics-related cyberattacks, for example. Opening it activates malware that infects the user's computer and deletes files.
Ref - Nikkei
****_****_****_****_********____
(July 22, 2021)
Kaspersky experts analyzed Olympic-related phishing attacks and found fake pages offering streaming services, tickets to events that won't have spectators, and even a fake Olympic Games virtual currency. Security experts recommend that security teams recognize this standard tactic and incorporate an awareness of current events into threat monitoring.
Ref - Tech Republic
****_****_****_****_********____
(July 22, 2021)
The Federal Bureau of Investigation’s Cyber Division has issued a chilling warning that the Games’ TV broadcast is likely to be plagued by attacks. Adversaries could use social engineering and phishing campaigns in the leadup to the event to obtain access or use previously obtained access to implant malware to disrupt affected networks during the event.
Ref - Threat Post
****_****_****_****_********____
(July 22, 2021)
A Japanese security firm said it discovered an Olympics-themed malware sample that contains functionality to wipe files on infected systems and appears to be targeted at Japanese PCs. The wiper’s discovery came two days ahead of the opening ceremony for the 2021 Tokyo Olympics, scheduled to take place this Friday. The wiper doesn’t just delete all of a computer’s data, and instead searchers only for certain file types located in the user’s personal Windows folder, located at “C:/Users/<username>/“.
Ref - The Record
****_****_****_****_********____
(July 22, 2021)
It sounds strange, but it’s true: Russian hackers have disrupted each of the Olympic Games since 2016 when Russia was suspended from full participation. And it brings the question of whether Russia will try to disrupt the 2021 Games as well. No organization has yet offered definitive public evidence that it’s trying, but experts are still on edge.
Ref - NBC News
****_****_****_****_********____
(July 21, 2021)
In a statement to ZDNet, a spokesperson from the Tokyo 2020 International Communications Team said that the initial statement from a Japanese government official was incorrect, and the leak was not from Tokyo 2020’s system. Earlier, a government official told Kyodo News on Wednesday that login IDs and passwords for the Tokyo Olympic ticket portal had been posted to a leak website following a breach.
Ref - ZDNet
****_****_****_****_********____
(July 16, 2021)
Concerns are mounting over possible cyberattacks targeting the Tokyo Olympics, set to kick off on July 23. Institutions linked to the Tokyo Olympics are boosting their vigilance under the scenario that offenders may commit cyberattacks for fame or political reasons at a time when the sporting event with almost no spectators amid the COVID-19 pandemic is drawing international attention.
Ref - Japan Times
****_****_****_****_********____
(July 15, 2021)
Amid a rise in cyberattacks and ransomware incidents, security experts are looking out for digital threats to the Olympic Games, scheduled to start next week in Tokyo. Because major geopolitical events are a prime opportunity for global attention, it’s possible Tokyo will be in the sights of malicious actors hoping to disrupt the proceedings or make money.
Ref - Yahoo
****_****_****_****_********____
(July 15, 2021)
State-sponsored threat actors likely pose the most significant threat to the Olympic Games and Olympics-affiliated entities based on their sophisticated capabilities as well as ongoing disputes between various states and the International Olympic Committee (IOC) or associated bodies. In addition, ransomware likely poses the greatest threat to Olympics-nexus organizations from the cybercriminal perspective.
Ref - Recorded Future
****_****_****_****_********____
(July 14, 2021)
Every sort of organization involved in the Olympics is a potential target, and attackers are opportunists. We may see a fair number of probably fake streaming sites that ask for credit card information to access a free live stream of the Olympics that result in theft of funds from people's bank accounts. Threats of ransomware attacks will also be heightened. All of the financially motivated stuff is going to be pervasive throughout these Olympics.
Ref - Tech Republic
****_****_****_****_********____
(July 4, 2021)
Experts are sounding the alarm about potential cyberattacks on the Tokyo Summer Olympics from those looking to create chaos at the already embattled event. While potential Russian attacks are a major concern, another potential threat is that of a ransomware attack on the Olympics or a third-party vendor that could make it more difficult for the Games to take place.
Ref - The Hill
****_****_****_****_********____
(June 25, 2021)
Hackers penetrated the computer system of the Japanese Olympic Committee last year and temporarily shut down operations. However, because confirmation could not be made that internal documents were stolen, the incident was not reported to the police nor disclosed to the public. The hack occurred in April 2020 shortly after the decision was made to postpone the Tokyo Olympics for a year due to the novel coronavirus pandemic.
Ref - Asahi
****_****_****_****_********____
(June 15, 2021)
Japan has faced multiple cyberattacks and threats — the most recent, according to UK National Cyber Security Centre, was an alleged threat from the Russian military during the preparations of Tokyo 2020 Olympics, where journalists, foreign officials, spectators, and athletes would add to the 117 million active internet users in Japan.
Ref - Forbes
****_****_****_****_********____
(June 4, 2021)
The organizing committee for the Tokyo Olympics has become the latest to be hit by a data breach through unauthorized access to an information-sharing tool developed by Fujitsu Ltd. The leaked information included names, business titles, and affiliations of the participants belonging to about 90 organizations, including the organizing body of the Olympics and Paralympics, ministries, local governments hosting venues such as Tokyo and Fukushima Prefecture, and sponsors of the games.
Ref - Japan Times
****_****_****_****_********____
(June 1, 2021)
Several Japanese government agencies reportedly suffered data breaches originating from Fujitsu’s “ProjectWEB” information sharing tool. The cyberattack affected the Japanese Ministry of Land, Infrastructure, Transport, Tourism, the Cabinet Secretariat, and the Narita International Airport.
Ref - CPO Magazine
****_****_****_****_********____
(June 1, 2021)
The organizing committee for the Tokyo Olympics has become the latest to be hit by a data breach through unauthorized access to an information-sharing tool developed by Fujitsu Ltd. Personal information was leaked from a total of about 170 people who are involved in security management and have participated in a drill hosted by Japan’s national cybersecurity center to brace for potential cyberattacks during the sporting event.
Ref - Japan Times