Threats to the 2022 Winter Olympics

Editor’s Note: The following post is an excerpt of a full report. To read the entire analysis, click here to download the report as a PDF.

This report synthesizes findings from the Recorded Future® Platform and open-source intelligence (OSINT) sources to analyze the threat landscape ahead of the 2022 Beijing Winter Olympic Games. The threats analyzed include nation-state cyber operations, financially motivated and hacktivist cyber threats, influence operations, and geopolitical and physical security threats. This report will be of most interest to organizations affiliated with the Olympics organization, Olympic sponsors, or individuals intending to participate in or engage with the upcoming Winter Olympics.

Executive Summary

The hosting of the 2022 Winter Olympic Games in Beijing, China, significantly alters the cyber, information, geopolitical, and physical threats that face the Games. This report analyzes a whole spectrum of threats facing the 2022 Winter Olympics, including state-sponsored cyber operations, financially motivated and hacktivist cyber activity, Chinese state-sponsored influence operations, international geopolitical tensions, and physical security threats including protests.  

Recorded Future concludes that Russia, Iran, and North Korea likely lack the motivation to launch disruptive cyberattacks against the 2022 Winter Olympics due to their close geopolitical relationships with China. Instead, Chinese, Russian, Iranian, and North Korean state-sponsored cyber operations are more likely to be conducted according to surveillance and cyber espionage intelligence requirements. We did not observe any notable dark web chatter or statements by ransomware groups expressing intent to target the 2022 Winter Olympics, though we did identify advertisements on dark web markets for the sale of account details related to the volunteer and media portals of the Games. Financially motivated threat actors will almost certainly opportunistically exploit the 2022 Beijing Winter Olympics, particularly with Olympic-themed phishing campaigns, to target a range of victims, including the Games themselves, associated organizations, and individuals attending or engaging with the event. Further, hacktivists will likely target the Games, including corporate sponsors, in response to China’s human rights abuses. Corporate sponsors are already receiving significant online criticism for being associated with the Games being hosted in Beijing.

Hosting the 2022 Winter Olympics is an opportunity for the Chinese government to broadcast the successes of China’s political and economic system. Accordingly, China’s influence operations to promote and support the Beijing Games are mainly positive and target both domestic and international audiences. These influence efforts are paired with a much more negative campaign to defend against criticism of China’s human rights abuses. The Chinese government is already conducting widespread domestic censorship of this criticism and is seeking to downplay and discredit the international diplomatic boycott effort. There have also been grassroots calls for physical protests at the Games, primarily in response to China’s human rights abuses. The most recent news, however, indicates that the public will no longer be able to attend the Games due to strict COVID-19 measures. Protests taking place in the weeks leading up to the Games will likely intensify as the Games begin.

Key Judgments

• Recorded Future is not aware of any state-sponsored APT activity targeting the 2022 Winter Olympics, associated organizations, or individuals. Similarly, we have not observed any expressed intent to target the Games by ransomware groups or actors on dark web forums, although the potential for a significant profit makes the Games an attractive target for ransomware groups.
• Disruptive Russian, Iranian, and North Korean state-sponsored cyberattacks targeting the 2022 Winter Olympics are unlikely to manifest due to the close relationships those countries maintain with the host nation, China. Instead, Chinese, Russian, Iranian, and North Korean state-sponsored cyber operations at the 2022 Winter Olympics are likely to be driven by surveillance and cyber espionage intelligence requirements.
• It is almost certain that financially motivated threat actors will opportunistically exploit the 2022 Winter Olympics, particularly with Olympic-themed phishing campaigns. We have already observed an Olympic-themed malware sample. Furthermore, hacktivists will likely target the Games, including corporate sponsors, in protest against the Chinese government’s human rights abuses.
• The Chinese government has engaged its entire propaganda system in a long-term, coordinated influence campaign to promote the 2022 Winter Olympics and defend against domestic and international criticism while also conducting widespread censorship of such criticism.
• The 2022 Winter Olympics is being used to promote the digital yuan (e-CNY) by making it possible for foreign visitors to use the e-CNY at Olympic venues in Beijing without having a Chinese bank account, likely to build international credibility of China’s central bank digital currency as part of a larger effort to boost the international standing of the yuan.
• The Chinese government has sought to downplay and discredit international efforts to boycott the 2022 Winter Olympics to mitigate the reputational effect the boycott poses. There have been grassroots calls for physical protests at the Games, and protests will likely intensify, with calls for protests both in China and worldwide as the Games get underway.

Editor’s Note: This post is an excerpt of a full report. To read the entire analysis, click here to download the report as a PDF.