FBI TLP White PIN: Potential for Malicious Cyber Activities to Disrupt the 2020 Tokyo Summer Olympics July 19, 2021

Summary

The FBI is warning entities associated with the Tokyo 2020 Summer Olympics that cyber actors who wish to disrupt the event could use distributed denial of service (DDoS) attacks, ransomware, social engineering, phishing campaigns, or insider threats to block or disrupt live broadcasts of the event, steal and possibly hack and leak or hold hostage sensitive data, or impact public or private digital infrastructure supporting the Olympics. Malicious activity could disrupt multiple functions, including media broadcasting environments, hospitality, transit, ticketing, or security. The FBI to date is not aware of any specific cyber threat against these Olympics, but encourages partners to remain vigilant and maintain best practices in their network and digital environments.

Threat Overview

Large, high-profile events provide an opportunity for criminal and nation-state cyber actors to make money, sow confusion, increase their notoriety, discredit adversaries, and advance ideological goals. The Tokyo 2020 Summer Olympics may attract additional attention from these actors, as they are the first to be viewed solely through broadcast and digital platforms due to the prohibition on in-person spectators. Adversaries could use social engineering and phishing campaigns in the lead up to the event to obtain access or use previously obtained access to implant malware to disrupt affected networks during the event. Social engineering and phishing campaigns continue to provide adversaries with the access needed to carry out such attacks.

For example, the FBI indicted Russian cyber actors for intrusions into computers supporting the 2018 PyeongChang Winter Olympics, which culminated in the 9 February 2018 destructive cyber attack against the Opening Ceremony. Prior to the event, the actors targeted South Korean citizens and officials, Olympic athletes, partners, visitors, and International Olympic Committee officials with spearphishing campaigns and malicious mobile applications. The Russian actors obfuscated the true source of the malware by emulating code used by a North Korean group, creating the potential for misattribution.

Cyber actors could use ransomware or other malicious tools and services available for purchase on the Internet to execute DDoS attacks against Internet service providers and/or television broadcast companies to interrupt service during the Olympics. Similarly, actors could target the networks of hotels, mass transit providers, ticketing services, event security infrastructure or similar Olympics support functions.

Criminal or nation-state actors—with different motivations—could hack and leak or hold for ransom sensitive data stolen from a variety of Olympics or Olympics support entities. In late May 2021, Japanese information technology equipment and service company Fujitsu disclosed a breach that compromised data from several of its corporate and government clients, including the Tokyo 2020 Organizing Committee and the Japanese Ministry of Land, Infrastructure, Transport, and Tourism.

View the entire FBI PIN Report below. 

For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:

John Riggi

Senior Advisor for Cybersecurity and Risk, AHA

jriggi@aha.org

(O) +1 202 626 2272

(M) +1 202 640 9159

Related Resources

Advancing Health Podcast
Public
America’s hospitals and health systems are at risks of attacks that threaten the bio-economy. How do these threats affect patients and citizens and what we can…
Fact Sheets
It is imperative that Congress invest in America’s hospitals and health systems to ensure that the nation’s health care needs can be met today and into the…
Letter/Comment
The American Hospital Association (AHA) would like to share hospital and health system priorities that would benefit patients and communities around the…
Advancing Health Podcast
Public
On this AHA Advancing Health podcast, John Riggi, AHA senior advisor for cybersecurity and risk, speaks with his former FBI colleague Mike Orlando, acting…
Advisory
Public
Microsoft has released out-of-band security updates to address a remote code execution (RCE) vulnerability — known as PrintNightmare (CVE-2021-34527) — in the…
Advancing Health Podcast
Public
Hospitals and health systems have frequently been the target of high-impact ransomware attacks. In this podcast, John Riggi, AHA senior advisor for…