
ZeroFox Assessment: Physical and Cyber Threats to Olympic Games Paris 2024


Executive Summary: Physical and Cyber Threats to Olympic Games

The Olympic Games Paris 2024 (also referred to as the Olympics, Paris 2024, and the Games) is a highly visible, worldwide event that could be targeted by a variety of actors, both domestic and international, to bring attention to their causes. Physical disruption via strikes or protests is the major on-the-ground threat to the Games; cyberattacks sponsored by Russia are the major cybersecurity threat.

Domestically, multiple unions have threatened strikes, anticipating that their local and national governments will feel sufficient pressure to hold a successful Paris 2024 that they will quickly give in to demands. The unions’ resolve is reinforced by the recent French elections, in which a left-leaning coalition known to be supportive of workers won a plurality in the National Assembly. Local protest groups have also called for action ahead of and during the Games. These include organized campaigns by activists during events and disorganized Paris-area opposition to the Games. The polarization in French society—heightened by recent elections and protest movements—creates fertile ground for further social unrest during the Games and makes it very likely there will be disruptions.

Internationally, both the war in Ukraine and the Israel-Hamas conflict have the potential to inspire protests and disruptions by nation-state-level actors. In particular, the Russian Federation has a history of targeting the Olympics with cyberattacks as revenge for its formal exclusion from the Games (such as in the Pyeongchang Winter Olympics). With Russian athletes once again slated to compete under the “Olympic Athletes from Russia” banner and the added factor of France’s continued support for Ukraine, Kremlin-aligned hackers are likely to take aim at the cyber infrastructure of Paris 2024.

Lastly, pure financial crimes—including internet scams and street-level petty crime—will very likely operate on a heightened level during the Games. Tourists in Paris should be wary of their surroundings and conduct due diligence on websites and applications they use related to the Games.

Background: Physical and Cyber Threats to Olympic Games

France has a long history of civil unrest, and it is very likely that protests, boycotts, and other forms of disruptive activity will impact the Olympic Games Paris 2024. Interest groups could seek to leverage the visibility of the Olympics to garner more attention for their causes. Due to the significant social polarization and discontent extant in France, there are a number of activist groups potentially interested in this publicity. 

The most significant source of recent polarization comes from French elections. In June, France held elections for the European Parliament, in which the far-right Rassemblement National (RN) performed unexpectedly well. This prompted President Emmanuel Macron to call for snap parliamentary elections, in which the RN again won a plurality of votes but was blocked from power by a left-and-center coalition that explicitly aimed to prevent an RN majority. The Nouvel Front Populaire, a broad coalition of the greater French left, won the most seats and is expected to soon propose a candidate for prime minister. Within a month, the RN went from expecting to be the dominant party in Parliament to being one of the smallest, with the left experiencing the reverse. Each side of this increasingly polarized divide views the other as posing somewhat of an existential threat to France, creating the potential for unrest and targeted actions during the Paris 2024 Games.

Physical Security Preparations for the Paris Olympics

Just before the start of the Olympic Games Paris 2024 on July 26, authorities will begin enforcing movement restrictions and vehicle limitations.

  • The most restrictive zone is a gray perimeter that ticketed fans, athletes, and media will be able to enter. Verified athletes and media vehicles will also be allowed to enter this zone. 
  • Surrounding the gray zone, fans will need to pass through a black perimeter for security checks, including pat-downs and metal detectors. Bicycles are restricted starting at this point.
  • Further outside, pedestrians and authorized vehicles with a valid “Pass Jeux” QR code will be able to enter a red perimeter. All other vehicles are prohibited from entering.
  • The outermost perimeter is classified as blue and will only have limitations for vehicles that will need to prove they have a valid reason for entering, like visiting friends.
  • A red perimeter label will also be applied to the Seine River starting on July 20, the location of the opening ceremony and, controversially, certain swimming events.

There will be 25 fan zone locations, where there will be parties and interactions with guests. Only those fan locations in the red or gray zones will require a Pass Jeux. They have capacity restrictions and security checks.

  • Fan zones could be targets for criminals and would-be attackers.

There will also be limitations on metro and rail services in and around Olympic venues, particularly around the opening ceremony; most services will be closed gradually beginning on July 27, the day after the opening ceremony. However, the Champs-Elysées and Concorde stations in downtown Paris will remain closed. Furthermore, metro and bus tickets will double in price in Paris until September 8, the last day of the Paralympic Games.

The fare increase and movement restrictions present one of the most likely sources of Olympics-related social unrest from Paris-area activist groups upset about disruptions to their lives.

Access Codes

To enter the red and gray restricted zones, guests will need to download a “Pass Jeux” QR code. Users will need to request a code in advance using their name, address, and a form of identification. Visitors will need to provide proof of temporary accommodations and media accommodations, if applicable. This means that hotel guests within these zones need the Pass Jeux to enter their hotels. 

A Pass Jeux is not the same as a ticket to an event, and those with valid tickets will not need a Pass Jeux to enter the event. Those with tickets will need to download a separate application called the Paris 2024 Tickets that will contain another QR code with their event tickets.

A mobile application, Transport Public Paris 2024, is also available to identify travel routes to venues. Those riding the metro will not necessarily need a Pass Jeux, but certain train stations within the perimeter will be closed throughout the Olympics.

Possible Flashpoints: Olympic Games Paris 2024

Election-Related Protests

The most likely source of disruption to the Olympic Games Paris 2024 is physical protests. In recent years, France has experienced many instances of unrest related to key political issues. Particularly salient issues have been changes to the retirement age, police treatment of minorities, and policies viewed as hostile to farmers. These have all prompted large-scale demonstrations in the run-up to the elections and are likely sources of inspiration for potential Paris 2024 protesters.

  • During the first half of 2023, the country witnessed at least 14 rounds of nationwide strikes and protests against President Macron’s centerpiece domestic reform, which raised the retirement age from 62 to 64.
  • Large-scale demonstrations brought between 500K and 1.3 million people out into the streets from January to June 2023 and turned violent in mid-March.
  • The best-performing parties in the June/July 2024 elections were those who vowed to reverse the retirement age changes, and protesters often staged election protests at Olympics-related locations during the campaigns. 
  • The appointment of government positions is expected to continue through the Olympic Games, and political activists have already proposed ways to use the Olympics to highlight policies. Therefore, it is likely that those who protested against the increase in retirement age in 2023, and during the July 2024 elections, will protest during the Games.

The most likely source of French election-related protests will come from left-leaning groups who are threatening protests during the Games if one of their preferred candidates is not named prime minister.

Societal Fissures

Almost immediately following the last round of nationwide strikes and protests against retirement reform, which occurred on June 6, 2023, a fresh spate of violence commenced after police officers shot and killed a 17-year-old delivery driver named Nahel Merzouk during a traffic stop in a Paris suburb on June 27, 2023.

  • This particular shooting encapsulated accusations that police in France have systematically mistreated African and North African individuals. Peaceful protests comparable to the U.S. Black Lives Matter movement took place across the country, but in many places violence and civil unrest also occurred. Several nights of riots resulted in widespread looting, 1,000 damaged buildings, and over 5,000 burned vehicles.

The police response to “le mort de Nahel” was emblematic of a larger source of societal unrest: the often heavy-handed response of French law enforcement to demonstrations and activism.

  • However, President Macron and his ministers have repeatedly characterized themselves as stewards of “law and order” in France and describe the Olympic season as a time of “pride” and “hope” for the country. Given this official position, it is probable that police will respond more forcefully to demonstrations or other actions that threaten to disrupt the Games, which could result in security forces using tear gas and clashing with protesters.  

Lastly, in early January 2024, farmers in the south of France began a series of demonstrations and road blockades to protest against environmental regulations and cuts to agricultural subsidies. These actions gradually spread to the rest of the country, culminating in a “siege” of Paris, with farmers blocking major motorways leading into the capital between January 29 and February 1, 2024.

In general, the grievances that animated these waves of protests in 2023 and 2024 have not been fully resolved and could likely spark further collective action going forward, especially during the Olympic Games. Given the heightened security posture of French security forces during the Games, the risk of an incident involving police (or other law enforcement) is significant.

Strikes, Boycotts, and Protest Activity

In addition to previously existing activist groups and issues, there are also protest concerns directly related to the Olympic Games Paris 2024. 

For example, the CGT-RATP public transport union has already filed a strike notice for the duration of the Games, citing concerns regarding overtime and accommodations for workers during this event. This proposed collective action could lead to significant transportation disruptions in Paris and other French host cities. 

Additionally, environmental activist groups such as Youth for Climate, Extinction Rebellion, and others have criticized the allegedly high carbon emissions and other types of pollution caused by the Games. 

  • In order to bring attention to their cause, climate activists smeared fake blood on the Olympic Rings monument in front of the Paris town hall in July 2023 and later attempted to sign up as volunteers or torchbearers for the Games, although they were not successful. Given the continuing salience of this global issue, similar small-but-attention-grabbing actions will likely take place at the opening or closing ceremonies, as well as during Olympic sporting events.

In broader French society, enthusiasm for Paris 2024 has gradually declined as the opening date approaches. According to recent polls, 44 percent of residents of the Île-de-France region now believe that hosting the Games is a bad thing, citing the high expense of this event and the rising costs of housing and transportation as primary reasons for their skepticism. Discontent by workers who will have extra responsibilities imposed due to the Games is particularly high.

  • The French government has attempted to forestall some of the syndical discontent by announcing bonuses for civil servants and police officers for the duration of the Olympic and Paralympic Games. 
  • This has given rise to demands by other labor groups, such as workers at Paris-area airports, to also receive an “Olympic bonus.”
  • However, such measures will likely only partially placate interest groups and activists seeking to extract benefits or garner more attention. There is a roughly even chance of further protests by those in the transportation sector during the Games.

Local Opposition

Local opposition to the Games is also high among Parisians who anticipate major disruptions to their lives during their duration. 

  • Locals have been advised to avoid the metro as much as possible during the Games, as its capacity is anticipated to be strained by the number of visitors arriving in Île-de-France. A special Olympic Fare, which is twice the cost of a normal metro ticket, has provoked derision among citizens able to buy regular-cost tickets in advance to cover the Olympic period and major unease among poorer Parisians who cannot afford to load up on regular-price fares ahead of time.
  • Some businesses have announced “forced vacations” due to anticipated disruptions to normal function of the city. While many others are instead enforcing teleworking, certain businesses anticipate shutting down entirely. Some workers may not have the vacation time saved up to cover their salaries during this period; even those who will still receive a salary are inconvenienced by being forced to take time off that is not of their choosing.
  • A large number of bridges and metro stations will be closed across Paris, in particular during the Opening Ceremony (a boat parade down the Seine) but also before and after that date. The Prefect of Paris described the overall transportation situation as “the big mess.”
  • While no such protest occurred, the popularity of an online proposal to “poop in the Seine” on June 23 is illustrative of local sentiment surrounding the Paris 2024 Games.

Many Parisians feel these Games have been imposed on them, and it is very likely that this will manifest itself in protests by locals against the disruptions to their daily lives.

International Activism

In addition to the organizations and causes discussed above, the Olympic Games Paris 2024 could also be disrupted by collective actions over issues such as the high cost of living, the French government’s recent controversial immigration bill, or the ongoing Israel-Hamas conflict.

Since the Israel-Hamas war started in October 2023, there have been several notable pro-Palestinian protests targeting major events worldwide.

  • During the Macy's Thanksgiving Day Parade on November 23, 2023, several dozen pro-Palestinian protesters glued themselves to the parade route, temporarily halting the event, while others marched along the parade route before being arrested.
  • The Eurovision Song Contest held in Sweden in early May 2024 was also targeted by pro-Palestinian street protesters against the participation of Israeli contestants.
  • Pro-Palestinian protesters announced their intention to target the recent Euro 2024 football tournament, but no major disruptions occurred. This may be due to law enforcement’s heightened scrutiny of activists in relation to the tournament.

There have already been pro-Palestinian protests related to the Olympic Games Paris 2024, and further actions in solidarity with Palestinians or in opposition to Israel are likely at the events. 

  • Protesters assembled outside the International Olympic Committee (IOC) headquarters in Lausanne on June 12, 2024, to argue against Israel’s participation in the Games. Hundreds took part in the assembly, which called on the IOC to bar the country from competing. On July 9, 2024, a broad grouping of pro-Palestinian protesters orchestrated a mass call-in targeting the Paris Organizing Committee (COPJOP), pressuring them on Israel’s participation at the Games.
  • Similar small-scale shows of support or opposition are likely during the event.
  • While unlikely, there is a possibility that Olympic athletes or teams set to face Israeli athletes or teams will choose to forfeit instead as a means of drawing attention to the Palestinian cause. It is difficult to estimate the likelihood of this occurring, as it is highly dependent on which athletes or teams are matched with Israelis/Israel. The most likely candidates for such action would be athletes or teams from Muslim nations or certain socially-conscious European nations (such as Ireland or Iceland).

Pro-Palestinian cyber threat actors also pose a threat, mainly to the Olympics cyber infrastructure.

  • On July 4, 2024, actor “Anonymous KSA” shared a post on their Telegram channel indicating that they would begin targeting the digital infrastructure of France but not specifically mentioning Paris 2024. Anonymous KSA’s Telegram channel was created on May 5, 2024; the channel’s first post on May 6, 2024, announced an attack against an Israeli Ministry of Education website. The group has claimed several attacks targeting Israeli institutions, as well as leaks of and distributed denial-of-service (DDoS) activity towards international corporations with the stated intent of impacting entities associated with the ongoing Israel-Hamas war. ZeroFox has not observed evidence that the claims made by the group are legitimate.

Terrorism

The security threat from terrorist groups and radicalized individuals is arguably the biggest concern for security forces and Olympic Games Paris 2024 organizers. Paris has experienced terror attacks on several occasions in recent years and the risk is elevated compared to previous years because of the Israel-Hamas war.

  • Since 2001, France has been a key partner in the global War on Terror, making it one of the primary targets of Jihadist groups, particularly the Islamic State (IS). The worst terrorist attack against the country occurred in November 2015, when IS gunmen killed 130 people during a series of mass shootings and bombings at several locations in Paris. Overall, since 2012, France has suffered the highest number of successful or attempted acts of terrorism and related arrests among all European Union (EU) member-states.

While there has been a lull in international terror attacks since the loss of IS territorial control in Iraq and Syria around 2017, Europe in particular has seen a partial resurgence since the Israel-Hamas war began in October 2023. France has experienced two such incidents. 

  • On October 13, 2023, a teacher was stabbed to death in the city of Arras, France. 
  • On December 2, 2023, a knife and hammer attack in central Paris claimed the life of one person and injured two others. 
  • In both cases, authorities classified the incidents as “acts of terrorism” and believe that they are at least in part related to the ongoing Israel-Hamas conflict.

Since then, European authorities have issued several security warnings over the heightened risk of a terror attack on large gatherings. 

  • On December 5, 2023, European Home Affairs Commission chief Ylva Johansson said there was a “huge risk” of a terror attack in the EU during the holiday period and warned that groups like Al Qaeda and the IS would use the Israel-Hamas war to increase calls for violence. 

While no attacks were attributed to either cause during the 2023-2024 holiday period, France and Germany (the host of the 2024 Euro soccer tournament) issued security warnings regarding the threat IS posed to their tournaments in late March 2024. The warnings followed a deadly March 22 terrorist attack on a concert hall outside Moscow, Russia, by a branch of IS based in Afghanistan and Pakistan called IS-Khorasan.

  • President Macron mentioned that the group responsible for the attack in Moscow also sought to strike in France and noted that French authorities had disrupted two attacks in 2024 alone.

The Olympic Games Paris 2024 represents one of the most significant and prestigious sporting events that will take place this year. The scale and visibility of this international competition make it a high-value target.

  • Despite extensive security preparations by French authorities, residual risk remains. Several threats need to be considered: likely hotspots for attacks, notable groups and issues that have contributed to anti-French or anti-Western sentiments, and potential methods that may be used to perpetrate acts of terrorism.

In terms of potential methods, a terrorist attack at the Olympic Games Paris 2024 would likely involve the use of easily accessible materials such as bladed weapons, firearms, or improvised explosive devices (IEDs) rather than a coordinated assault like the attack in Moscow in March 2024 or in Paris in 2015. In addition, according to the U.S. State Department, endogenous (lone-actor) attacks pose the most significant current threat.

  • On May 31, 2024, an 18-year-old from the Chechnya region of Russia was arrested in Saint-Étienne near Lyon on suspicion of wanting to "commit an Islamist-inspired attack." According to the French Ministry of Interior, the suspect planned an attack targeting the locations of Paris 2024 football events, such as the Geoffroy-Guichard stadium in Saint-Étienne.
  • It is also possible that vehicles could be used as a weapon to target spectators, related events, or associated facilities, as occurred in Nice on July 14, 2016, when a lone perpetrator killed 86 people by driving a cargo truck into crowds celebrating Bastille Day.

One of the primary security challenges for the organizers of the Paris 2024 Games is safeguarding the opening ceremony scheduled for July 26. This event is set to be an unprecedented spectacle, breaking from tradition by not being held in a stadium.

  • Instead, in a historic first, athletes participating in the Games will float down a 3.7 mile stretch of the Seine River in central Paris aboard a flotilla of 94 boats, followed by an additional 80 vessels carrying media and security personnel. An estimated crowd of 222,000 will gather along the riverbanks, while 200,000 more are expected to watch from nearby buildings. 
  • The open-air setting chosen for this ceremony, as well as the large number of spectators involved, make it a possible hotspot for an attack. 
  • ZeroFox Intelligence notes that the potential for threat actors to use planes or unmanned aerial vehicles (UAV), such as drones, is low; airspace will be shut down within a 93-mile radius around Paris during the opening ceremony and will remain closely monitored during the subsequent days of the competition. In addition, Paris police plan to deploy 15 heavy anti-drone units equipped with radar and jamming capabilities to guard against possible UAV attacks against the capital.
  • Organizers have reportedly established a Plan B for the Olympics opening ceremony on the Seine in the event of a terrorist threat. This fallback plan would involve parading athletes on the Pont d'Iéna (Iena Bridge) between the Eiffel Tower and the Trocadéro. This parade would be held without spectators, and athletes would return directly to the Olympic Village afterward.

Crime

The frequency of petty crime in Paris generally correlates with the level of tourist activity in the city, and this pattern is anticipated to continue during the Olympic Games. 

  • Consequently, pickpocketing and related scams will remain a threat in affluent districts of the capital, particularly near luxury establishments, popular tourist landmarks (especially the Eiffel Tower, Notre Dame, and the Champs-Elysées), and around event venues such as stadiums. 
  • Thieves are also known to operate on public transport, most commonly the Paris metro and the Île-de-France regional express railway network (RER) that connects the capital to surrounding areas. 
  • Pickpockets typically work in groups, often involving adolescents. On the street, the most popular method is the “distraction technique,” when two or more individuals approach the target under the guise of asking for directions or trying to sell merchandise. While the target’s attention is focused on one person, the other criminal involved in the scheme surreptitiously steals the victim’s valuables. 
  • On trains, the most common ploy is the “crush and grab.” This involves a group of people swarming a victim as they are entering or exiting the railroad car, using the chaotic situation to pick their pockets. 
  • Another related tactic is to swiftly snatch the purse or backpack of a passenger seated near an exit and disembark just before the doors close. While this type of crime is typically nonviolent, reports during the past few years indicate an increased level of aggression towards persons who are perceived to be wealthy. For instance, at the start of 2022, Paris police registered a 31 percent rise in aggravated theft of luxury watches from city residents and visitors, a phenomenon that has generally grown more common since 2019.

In terms of organized criminal activity, Paris witnessed several spectacular heists during the fall of 2023, including a daytime robbery of the Piaget jewelry store in August and the hijacking of a truck containing 50 luxury items belonging to the fashion brand Balmain in September.

  • On both occasions, millions of dollars in property was reported stolen. In addition, a drug war erupted in August 2023 between the “Yoda” and “DZ Mafia” mafia gangs in Marseille. During the past year, a total of 36 people were killed in clashes between the two criminal groups in France’s second-largest city; this is five more than in 2022. 

Given the heavy police presence in Paris during the Olympics, it is unlikely that the capital will experience high-value robberies or outbreaks of gang violence while the Games are ongoing. However, there is a greater possibility that such incidents could disrupt Olympic events in other parts of France, especially the soccer and sailing competitions scheduled to take place in Marseille.

Cyber Threats

Russian Interference

ZeroFox Intelligence assesses that the Olympic Games Paris 2024 faces threats from likely Russian-backed cyber threat actors.

  • Two political issues involving Russia have the potential to disrupt the Games. The Russian Federation has held a grudge against the institutions of the Olympics since Russian athletes were banned in 2019 from international competition due to allegations of a state-sponsored doping program. Subsequently, Russia’s invasion of Ukraine caused the IOC to ban Russian athletes from competing under the name and flag of Russia. Both of these decisions are perceived by Russia as major slights.
  • That Russian athletes can participate at all is also controversial. Despite international pressure from Western nations, the IOC and the International Paralympic Committee (IPC) ruled that Russian and Belarusian athletes can take part in the upcoming competitions as neutrals.
  • This decision has been strongly criticized by both the Ukrainian government and the social media activist group “#BloodyOlympics” and could lead to protests during the Games or boycott campaigns against corporate sponsors of this event.

Russian cyber threat actors are likely to react to the strong showing of support for Ukraine at the Games, as well as previous bans of Russian athletes, by targeting the IOC.

  • This is likely to take the form of DDoS attacks, data compromises, and scams carried out by Russian threat actor groups. 

On June 23, 2024, the “People’s Cyber Army” (PCA) posted a call to action on their Telegram channel (@CyberArmyofRussia_Reborn) and associated private groups, urging cyber fighters to target France with cyberattacks.

  • One of the posts by the PCA supported the “Poop Protest,” which was organized by Parisians in response to the French government’s expenditure on cleaning the River Seine to host swimming events. The message highlighted the PCA’s support for the protest and promised to disrupt French websites during the event.
  • PCA’s announcement was accompanied by a fake cover of Charlie Hebdo, a satirical French magazine, which featured text in Russian that read, “Russian hackers have agreed to participate in the Olympics in a neutral status. In a new sport, ‘DDoS attacks’ on the websites of France.”
  • This imagery and messaging are designed to mock and threaten French authorities, symbolizing cyber “games” as part of PCA’s protest. The cover also featured the logos of PCA, RCAT, and “NoName057(16)”, indicating these threat actor groups have formed a unified front in their disruptive efforts against the Paris 2024 Games.
  • These groups typically employ DDoS attacks, which flood targeted websites with excessive traffic and render them inaccessible. NoName057(16) utilizes tools like DDOSIA, capable of issuing repeated network requests to overwhelm web services. In addition to DDoS attacks, these hacktivist groups may engage in website defacements, replacing legitimate content with protest messages or propaganda.
  • The coordinated actions by PCA, RCAT, and NoName057(16) represent a threat to the Olympic Games Paris 2024, with the potential to disrupt event logistics, security, and public perception.
  • The cyber activities may complement physical protests, creating a multifaceted threat environment. However, there is also the possibility that these announcements could be part of a psychological operation (psyops) intended to instill fear and uncertainty without actual follow-through, further complicating the threat landscape.

As of July 11, 2024, there are no indications or claims of cyberattacks by these groups against web resources related to Paris 2024 or French government infrastructure directly involved in organizing the event.

Mobile Apps

Mobile applications present security risks, and cyber threat actors are very likely attempting to exploit enthusiasm for the Games to carry out scams utilizing them. Threat actors can use mobile app credentials to gain access to user accounts, potentially reselling tickets and manipulating personal information associated with paris2024[.]org and olympics[.]com users. This can lead to ticket fraud, operational disruptions, and reputational damage.

ZeroFox observed and exported thousands of sets of compromised credentials related to paris2024[.]org and olympics[.]com from a private Telegram channel.

  • The data appears in two formats: URL paired with login credentials (ULP) and login:password pairs (LP). The ULP formatted data likely originates from botnet logs, while the LP pairs stem from database breaches and exposures or were stripped from the URLs by the threat actor, making it unclear to which web resources the compromised credentials pertain.
  • The credentials were extracted from combolists disseminated in the Telegram channel over the last eight months.

Selling Olympic-Related Cyber Assets on the Dark Web

On July 6, 2024, an untested threat actor dubbed “dank31337” posted a thread on the deep and dark web (DDW) forum XSS. The thread, titled “Buying all things olympics 2024 related”, expressed the actor’s intent to purchase unauthorized access and tools specifically targeting the Olympic Games Paris 2024.

  • The actor offered USD 5,000 for initial access, phishing pages, and other related assets, inviting contacts to send direct messages for further communication. The post indicates that the actor is willing to use escrow for the transaction, suggesting a level of seriousness and an attempt to build trust within the forum community.

The actor’s request for initial access and phishing tools suggests potential plans for sophisticated attacks that could include credential theft, unauthorized access, and broader disruptions to Olympics-related systems. The substantial monetary offer underscores the potential scale and seriousness of the intended activities.

Suspicious Emails Targeting Volunteers

On the Reddit forum r/Paris2024, a user dubbed “pizzahighwayicecream” posted a query titled “Scam or real?” three months ago, expressing concerns about an email they received from [email protected][.]fr. The user, who was registered in the volunteering program for Paris 2024, noted that the email differed in design and structure from previous official communications they had received from [email protected][.]org. The email invited the recipient to accept a mission via a link to a Volunteer Portal, but the unusual wording and appearance raised suspicions about its authenticity.

  • The email did not resemble official communications from the volunteering program, reinforcing the suspicion that the message might be a phishing attempt designed to deceive volunteers into providing personal information or login credentials.

Exposed Credentials for Olympics[.]com and Paris2024[.]org on HackCheck

ZeroFox identified 21 exposed records containing compromised credentials associated with the @olympics[.]com email domain and four unique records tied to the @paris2024[.]org email domain from an open-source repository for compromised datasets. These records include limited personally identifiable information (PII), such as full names, usernames, passwords, and phone numbers.

  • The compromised data originates from past breaches, not from a recent or targeted attack against the Olympic Games’ web resources. These records were likely compromised because individuals used their work email addresses to register on third-party websites or services, which later experienced data breaches or accidentally exposed user data.

    Even though the data is from past breaches, it can still be exploited to gain unauthorized access to Olympic Games systems if personnel reused passwords or if the compromised information provides insights for social engineering attacks.

    Similarly, ZeroFox researchers observed 1,734 botnet log entries affecting paris2024[.]org and 28 entries affecting olympics[.]com on the well-regarded DDW marketplace Russian Market.

    • The compromised subdomains include connect.paris2024[.]org, library.olympics[.]com, and shop.olympics[.]com. Prices for these botnet log entries range between USD 2 and USD 10 each, with uploads dated from May 28, 2023, to June 28, 2024, for olympics[.]com and from May 24, 2024, to July 7, 2024, for paris2024[.]org.
    • These botnet logs comprise compromised credentials that allegedly include not only login details but also browser cookies in some cases. The cookies allow attackers to bypass multi-factor authentication (MFA) and other security measures. Once purchased, these logs are removed from Russian Market, increasing the risk of targeted attacks.

    Compromised accounts could lead to unauthorized viewing, transfer, or resale of legitimate e-tickets, especially if payment information is stored. Additionally, the inclusion of browser cookies could enable attackers to mimic legitimate user sessions. This access could allow manipulation of personal information, fraudulent purchases, or service disruptions.
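Because a stolen cookie carries an already-authenticated session, the MFA prompt never fires again, so detection has to happen on the server side. The following added example (not from the ZeroFox report) binds each session to the client seen at MFA login and flags later requests that present the same session from a different network and browser. The log format, event names, and prefix lengths are assumptions, and the log lines are constructed.

```python
import ipaddress

# Constructed access-log sample: time|session id|client IP|user agent|event
SAMPLE_LOG = """\
2024-07-01T09:00:02Z|s-7f3a|203.0.113.10|Mozilla/5.0 (Windows NT 10.0) Chrome/126|login_mfa_ok
2024-07-01T09:04:40Z|s-7f3a|203.0.113.77|Mozilla/5.0 (Windows NT 10.0) Chrome/126|view_tickets
2024-07-01T09:30:00Z|s-b210|192.0.2.5|Mozilla/5.0 (iPhone) Safari/17|login_mfa_ok
2024-07-01T09:31:00Z|s-b210|192.0.2.9|Mozilla/5.0 (iPhone) Safari/17|view_tickets
2024-07-01T11:15:09Z|s-7f3a|198.51.100.23|Mozilla/5.0 (X11; Linux x86_64) Firefox/115|transfer_ticket
"""

def fingerprint(ip, user_agent):
    """Coarse client fingerprint: network prefix (/24 or /48) plus user agent."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 48
    net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
    return (str(net), user_agent)

def find_replayed_sessions(log_text):
    """Return requests whose session is presented by a client other than
    the one that completed MFA for it."""
    bound = {}   # session id -> fingerprint recorded at MFA login
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, sid, ip, ua, event = line.split("|")
        fp = fingerprint(ip, ua)
        if event == "login_mfa_ok":
            bound[sid] = fp
        elif sid in bound and fp != bound[sid]:
            alerts.append({"time": ts, "session": sid, "event": event,
                           "bound_to": bound[sid], "seen_from": fp})
    return alerts
```

A mismatch is a signal to step up authentication or revoke the session rather than proof of theft, since legitimate users also change networks; sessions whose login falls outside the log window are not evaluated here.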

    Natural Hazards

    Natural hazards represent a major unpredictable factor that could substantially influence the course of the Games. The 2024 Olympics are set to take place in late July and early August—one of the warmest times of the year in Paris. Moreover, average temperatures have increased with each year as the effects of global warming become more pronounced. 

    • The time frame for the main events roughly coincides with a period of several weeks in 2003 when France experienced a devastating heat wave, which led to an estimated 15,000 deaths. 
    • In many cases, the victims were elderly individuals living alone in apartments without air conditioning in Paris.

    Although the French government has subsequently implemented a number of measures to protect the population against the effects of extreme heat, many underlying problems remain, particularly in Paris. Only 10 percent of the capital is dedicated to green spaces, and many of its famous Haussmann buildings have heat-absorbing zinc roofs. In addition, according to research by the French Environment and Energy Management Agency (ADEME), only 25 percent of Parisian homes were equipped with air conditioning as of 2020. In a controversial move, Paris 2024 organizers decided to refrain from installing air conditioners in Olympic Village buildings. Instead, the residences will rely on an underground water cooling system, which is more environmentally friendly but may struggle to offset surging summer temperatures. In addition to more severe heat waves, changes to global climate patterns have contributed to other natural hazards in France during the summer months, including larger wildfires or, alternatively, torrential rains and flash flooding.

    ZeroFox Intelligence Recommendations

    • Social unrest linked to recent French elections and local anger about Olympics-related disruptions are likely. Visitors should plan their journeys well in advance and monitor local media to identify protests ahead of time.
    • Understand the different security requirements when traveling through the four different security zones in downtown Paris.
    • For those with event tickets or those traveling to fan zones, download the official Olympic Games Paris 2024 mobile applications. Have those tickets, any transportation passes, and the Pass Jeux stored in the official apps well in advance.
    • Proactively monitor for compromised accounts being brokered in DDW forums.
    • Olympic visitors should be vigilant for potential scams, including cyber scams involving fake mobile, accommodation, and Olympic apps. 
    • Ensure accommodation and train reservations are made ahead of time in order to avoid the risk of not being able to secure bookings closer to the event.
    • Ensure accommodation and travel bookings that cannot be done on the official apps are made on legitimate apps or websites and not through third parties. 
    • Keep personal belongings somewhere that they cannot be easily pickpocketed, especially on public transportation and at fan zones.
    • Remain in a group when traveling in the Paris area, especially after dark. 
