Tokyo Olympics Organizers Had Their Data Stolen by Hackers
About 170 people involved in the cybersecurity task force of the upcoming Olympic Games in Tokyo had their personal information stolen by hackers, as confirmed by a Japan Times report. The data breach appears to be linked to the recent Fujitsu ProjectWEB incident that affected government entities and ministry infrastructure. ProjectWEB is an information-sharing tool used in important projects in Japan, including the Olympic Games organizing committee, so the scope of the data breach that was the result of the unauthorized access on Fujitsu’s tool covers them too.
The Tokyo Summer Olympics are scheduled to be held between
July 23 and August 8, 2021, so we’re only a few weeks away now. If hackers hold
the details of the people who are tasked with the cyber-protection of the
games, could this mean that defending against hacker-induced interruptions will
be harder? The National Center of Incident Readiness and Strategy for
Cybersecurity stated that the leaked information should have no impact on the
operations set in motion around the organizing of the games.
The data that has been leaked include the full names,
business titles, and affiliations of people working in 90 organizations
relevant to the Olympic Games in Tokyo. Possibly, the actors will attempt to
use these for social engineering, getting user credentials and access to
critical systems. At this point, though, these are all assumptions, and the
truth is that not many details about the cyberattack have been given to the
public.
The Tokyo Olympics have been under attack by sophisticated
actors since 2019, when Russian hackers of the APT28 group were revealed to be
involved in attacks against anti-doping organizations like the WADA. Russian
athletes are still banned from participating in the Olympic Games due to a
doping scandal that cost them their national participation in the previous
Olympics, so Russian hackers see this as a reason to seek vengeance.
In Fujitsu’s case, we don’t have any attribution, and the
company hasn’t posted an update on the unauthorized access to ProjectWEB since
May 25, so there are no updates on the latest findings of their investigation.
Comments
Post a Comment