Written by Tonya Riley

State-sponsored hacking groups have been uncharacteristically quiet leading up to the Olympic Games next month in Beijing. Researchers say there’s one big reason why: No one wants to get on the bad side of China.

“Disruptive Russian, Iranian, and North Korean state-sponsored cyberattacks targeting the 2022 Winter Olympics are unlikely to manifest due to the close relationships those countries maintain with the host nation, China,” Recorded Future researchers write in a report on potential cybersecurity threats to the games released Wednesday.

Although high-level attacks are unlikely, the Winter Games still present a target-rich environment for nation-state groups that focus on cyber-espionage, researchers say. And — as is typical for any large international event — cybercriminals also will be looking for opportunities to scam athletes, organizers, volunteers and fans during the Winter Games.

Beware of SIM cards

Advanced persistent threat (APT) groups from Iran and Russia, while unlikely to attack China or the games, probably will use the event as a chance to spy on countries considered adversarial, researchers say.

Chinese state-sponsored hackers, meanwhile, will likely turn an eye to foreign athletes and government officials attending the events. Recorded Future researchers assessed surveillance of personal devices by Chinese actors to be “very likely.”

Potential avenues for surveillance include special mobile SIM cards offered to foreign athletes to avoid the Chinese firewall and the MY2022 Olympic Games app all attendees must install.

The MY2022 app collects data including users’ passports and COVID-19 records. Researchers at the University of Toronto’s Citizen Lab found that the app failed to properly encrypt data transfers, the New York Times first reported. Several nations including the United States have advised athletes to not bring their personal phones due to the risk of espionage and malware. Many foreign journalists are also using burner phones for the games.

The apparent lack of state-sponsored activity is a huge deviation from previous years, when hackers used the Olympics to flex their power and send a message to adversaries.

The Russian APT known as Fancy Bear has been especially active in the past. Fancy Bear, also known as APT 28, Sofacy and Strontium, was tied to a historic cyberattack on the 2018 Winter Games in Pyongyang that disrupted the games’ opening ceremonies. In 2016, Fancy Bear was accused of stealing and leaking personal and health information from top athletes including Venus and Serena Williams and Simone Biles during the 2016 Rio de Janeiro Summer Olympics. Ahead of the 2020 Tokyo Summer Games, the group again targeted anti-doping authorities and sporting organizations.

The World Anti-Doping Agency, a foundation launched by the International Olympic Committee to monitor and prevent drug use by athletes, has also been a frequent target of Russian hackers, thanks to the organization’s investigations and eventual banning of Russia from the Olympic Games for not complying with international anti-doping rules.

Follow the money

What Beijing will likely have in common with previous games is a swarm of financially motivated hackers hoping to take advantage of individuals by stealing their personal data or their money. Financially motivated attacks against Olympic Games have more than doubled in the last decade, with Japanese telecommunications firm NTT reporting 450 million “security events” impacting the 2020 Tokyo Games.

Researchers have already seen dark web chatter boasting of the alleged sale of information belonging to people who applied to volunteer at the 2022 Beijing Winter Olympics. Tokyo organizers suffered a similar attack when hackers broke into a Japanese contractor’s data tool that contained information on individuals from 90 different organizations involved in the games.

Researchers expect to see more financially motivated scams, including phishing campaigns designed to steal user credentials, leading up to the games.