About 170 people involved in the cybersecurity task force of the upcoming Olympic Games in Tokyo had their personal information stolen by hackers, as confirmed by a Japan Times report. The data breach appears to be linked to the recent Fujitsu ProjectWEB incident that affected government entities and ministry infrastructure. ProjectWEB is an information-sharing tool used in important projects in Japan, including the Olympic Games organizing committee, so the scope of the data breach that was the result of the unauthorized access on Fujitsu’s tool covers them too.
The Tokyo Summer Olympics are scheduled to be held between July 23 and August 8, 2021, so we’re only a few weeks away now. If hackers hold the details of the people who are tasked with the cyber-protection of the games, could this mean that defending against hacker-induced interruptions will be harder? The National Center of Incident Readiness and Strategy for Cybersecurity stated that the leaked information should have no impact on the operations set in motion around the organizing of the games.
The data that has been leaked include the full names, business titles, and affiliations of people working in 90 organizations relevant to the Olympic Games in Tokyo. Possibly, the actors will attempt to use these for social engineering, getting user credentials and access to critical systems. At this point, though, these are all assumptions, and the truth is that not many details about the cyberattack have been given to the public.
The Tokyo Olympics have been under attack by sophisticated actors since 2019, when Russian hackers of the APT28 group were revealed to be involved in attacks against anti-doping organizations like the WADA. Russian athletes are still banned from participating in the Olympic Games due to a doping scandal that cost them their national participation in the previous Olympics, so Russian hackers see this as a reason to seek vengeance.
In Fujitsu's case, we don’t have any attribution, and the company hasn’t posted an update on the unauthorized access to ProjectWEB since May 25, so there are no updates on the latest findings of their investigation.