Despite these preparations, cybersecurity experts remain concerned about non-traditional targets — businesses or organisations that may not have the same level of protection as more obvious targets
In June, websites for a prominent French film festival and the historic Grand Palais in Paris were forced offline following a cyberattack. This incident was traced back to a group of hacktivists linked to Russian intelligence, who described the attack as a “training exercise.” According to researchers at cybersecurity firm Cyble Inc., these hackers have consistently stated their intention to launch large-scale cyberattacks during the Summer Olympics in Paris.
As the Summer Games draw near, organisers are bracing for a surge in cyberattacks. The situation is compounded by several factors: Russia’s exclusion from the Games, rising geopolitical tensions in the Middle East and the South China Sea, and ongoing cyber threats against corporate networks worldwide. To address these challenges, a collaborative effort involving government agencies, private sector experts, and Olympic cybersecurity specialists has been underway for months.
Eric Greffier, the business and technology director at Cisco Systems France, an official partner of the Games, emphasized the difficulty of achieving complete cybersecurity readiness. “No one can pretend to be 100 percent ready. At best, you’re 99 percent ready, and you want to look for the 1 percent where you’re not,” he said. “You know what you know, and unfortunately, you don’t know what you don’t know.”
The French government’s cybersecurity agency, ANSSI, has identified 500 organisations and facilities critical to the Summer Games. These include local governments, energy suppliers, transport operators, and water management companies, whose failure could impact one or more Olympic events. ANSSI has been working with these entities to audit their systems for potential cybersecurity flaws. The agency has assembled a task force of 630 employees dedicated to safeguarding the Games. They are also joined by US allies; employees from the US Cybersecurity and Infrastructure Agency (CISA) are collaborating with ANSSI, sharing threat intelligence and coordinating efforts to protect the critical sectors of both the US and France.
Despite these preparations, cybersecurity experts remain concerned about non-traditional targets — businesses or organizations that may not have the same level of protection as more obvious targets. Fanch Francis, CEO of the French cybersecurity company NANO Corp, noted, “I believe the most valuable targets will be sufficiently protected. I do have doubts about soft targets like hotels and restaurants or other support facilities.”
Hackers have previously targeted Olympic events and related organizations, such as anti-doping agencies. During the 2018 Winter Games in South Korea, hackers disrupted the online ticketing system and disabled Wi-Fi at the stadium during the Opening Ceremony. The US later attributed these attacks to Russian intelligence operatives. In 2019, Microsoft reported that Russian state actors targeted the computer networks of over a dozen national and international anti-doping organizations. These attacks coincided with the World Anti-Doping Agency’s imposition of penalties on Russia, following revelations that drug test results for Russian athletes in the 2014 Sochi Winter Olympics had been tampered with. For the upcoming Paris Games, Russia is banned for violating the Olympic charter by including Ukrainian sports organizations under its own. However, Russian athletes can participate as “neutral” athletes if they meet specific conditions.
John Hultquist, chief analyst at Mandiant Intelligence, highlighted the ongoing conflict between Russia and Ukraine as a potential catalyst for cyberattacks. “There’s already this extensive history, and that all predates Ukraine,” he said. “The ingredients are all there, and the situation is actually more volatile than it was in the previous circumstances.” The Russian Embassy in Washington did not respond to requests for comment on these matters.
While cybersecurity officials in Paris have been tight-lipped about the range of attacks encountered so far, some incidents have come to light. In May, the X account of France’s sports minister was hacked, with her profile picture altered before the account was restored, according to French media reports. In June, scammers set up fraudulent ticketing websites to defraud spectators, but these sites were quickly identified and taken down, as reported by cybersecurity firm Intel 471.
There is also concern about disinformation campaigns aimed at influencing public opinion about the Games. In June, Microsoft reported a pro-Russian propaganda effort using artificial intelligence to suggest potential violence at the Paris Olympics. Additionally, social media posts originating from Russian language platforms and later spreading to mainstream outlets falsely claimed that the Games would be canceled due to threats of terrorism or civil unrest in France. These posts, fueled by Russian influencers and bots, garnered tens of thousands of likes and were shared nearly 15,000 times, according to Sarah Boutboul, an intelligence analyst for Blackbird AI in France.
Jeremy Couture, head of the cybersecurity operations center for the Paris 2024 organizing committee, has sought advice from those responsible for protecting major events like the Rugby World Cup and the Super Bowl. “I told them I was organizing 40 Super Bowls,” Couture said, reflecting on his discussions with National Football League officials. He has been developing backup plans to ensure the resilience of the Games in the face of potential cyberattacks. “It’s about being able to react to the worst and still deliver and to ensure, in our case, that the competitions will still go on, and that’s really what we want to achieve,” he explained.
The eyes of the world are on Paris, and as the Summer Olympics approach, the stakes are high. Organizers remain vigilant, knowing that the threat of cyberattacks looms large over one of the world’s most celebrated sporting events.