Russian threat groups are ramping up disinformation campaigns aimed at France and the upcoming Paris Olympics Games that combine time-worn tactics and new AI capabilities in hopes of maligning the reputations of France and its president as well as sow fear about possible violence around the international sporting event.

Two such groups – tracked as Storm-1679 and Storm-1099 – have targeted the country, the Olympic Games, and the International Olympic Committee (IoC) since June 2023, but are accelerating their efforts as the start of the Games next month approach, according to an eight-page report by Microsoft’s Threat Analysis Center (MTAC) released this week.

Those attacks will intensify in the coming weeks and likely will expand to include disinformation published not only in French but also English, German, and other languages to bolster their visibility and discourage people from attending, according to Clint Watts, general manager of MTAC, adding that the use of generative AI in the campaigns also will increase.

“While video has traditionally been a powerful tool for Russian IO campaigns and will remain so, we are likely to see a tactical shift towards online bots and automated social media accounts,” Watts wrote in a blog post accompanying the report. “These can offer the illusion of widespread support by quickly flooding social media channels and give the Russians a level of plausible deniability.”

In Paris, Russian bad actors also could create the illusions of protests or initial real-world provocations to exploit the focus on security and undermine the confidence of attendees in the IOC and French security forces, he wrote, adding that “in-person staging of events – whether real or orchestrated – near or around Olympic venues could be used to manipulate public perceptions and generate a sense of fear and uncertainty.”

Sporting Events are Attractive Targets

Threat groups around the world have long looked to major sporting events – not only the Olympics but also the World Cup, the Super Bowl, and others – as soft targets for cyberattacks, particularly given the high level of connectivity concentrated in relatively tightly packed areas like stadiums.

“Threat actors go where the targets are, capitalizing on opportunities to launch targeted or widespread, opportunistic attacks,” Microsoft, which contributed cybersecurity support to the World Cup soccer matches in Qatar in 2022, wrote last year. “This extends into high profile sporting events, especially those in increasingly connected environments, introducing cyber risk for organizers, regional host facilities, and attendees. … Information on athletic performance, competitive advantage, and personal information is a lucrative target. Unfortunately, this information can be vulnerable at-scale, due to the number of connected devices and interconnected networks in these environments.”

Security forces for the Olympic Games in Paris have been working to ensure the two-plus weeks of events are safe, though an assessment by risk management firm Outpost24 found various critical weaknesses that included open ports, exposed remote access ports, SSL misconfigurations, security header issues, cookie consent violations, and evidence of domain squatting, all of which could be exploited by hackers.

Campaigns Started a Year Ago

In its latest report, MTAC wrote that a year ago, Telegram feeds that typically parroted pro-Kremlin narratives started promoting a full-length feature film called “Olympics Has Fallen,” a play on the 2013 “Olympus Has Fallen.” Users who scanned a QR code were directed to the film, which included an AI-generated audio impersonating Tom Cruise’s voice narrating and criticizing the IOC’s leadership.

Now the threat groups are running malign influence campaigns disparaging France and French President Emmanuel Macron, the IOC, and the Games, the threat researchers wrote, adding that “these campaigns may forewarn coming online threats to this summer’s international competition.”

Putin’s ‘Slow Burn’

They noted that helping to fuel the campaigns in recent years was Russia being the chance to participate. The country was banned from the 2018 Winter Games after its athletes were caught using performance-enhancing drugs in previous Games. Last year, the IOC said Russian athletes could compete this year, but only as neutral athletes rather than representing Russia due to the country’s unprovoked invasion of Ukraine.

“The slow burn of Russian President Vladimir Putin and the Kremlin’s displeasure with the IOC and the ability to participate in the Olympics—an event of longstanding pride to the Russian government—has intensified in recent years,” the researchers wrote.

They outlined efforts by Russia – and before that the Soviet Union – to undermine the Olympic Games in the past and noted the role of generative AI in the campaigns for the upcoming Games, including using voice cloning and other AI techniques to give the impression of celebrity support for the film and create other videos, and ginned up fraudulent five-star reviews from reputable critics and outlets.

The Storm-1679 group started ramping up its campaign against the Olympics and France last year and has included the Israel-Hamas war to make up lies about threats to the Paris Games, with other images and videos playing off the Munich Olympics in 1972, when 11 members of the Israeli team were killed by extremists.

Storm-1099 Stepping Up

At the same time, the Storm-1099 group – also known as “Doppelganger” – has increased its targeting of the Games over the past couple of months through 15 unique French language fake news sites that includes Reliable Recent News, its key disinformation outlet. In columns on the sites, bad actors make claims of IOC corruption and potential violence during the events and target Macron, his government, and the president’s indifference to challenges French citizens have to deal with.

Going forward, the threat groups’ likely use of online bots and automated social media accounts to disseminate their message will grow to include the bots and automated services that can give the illusion of widespread support.

“These digital proxies can also offer Russia plausible deniability while exerting its influence,” they wrote. “It will be crucial to remain vigilant of online discussions, trending hashtags, and other online activity demonstrating common characteristics of generative AI.”