Kremlin Hackers Behind Anti-Doping Agency Attacks

The infamous Kremlin-sponsored APT group Sofacy (aka Sednit) was likely responsible for hacking anti-doping agency WADA in revenge for its decision to recommend the IOC ban all Russian athletes at the Rio Games, ThreatConnect has claimed.

The threat intelligence firm said the group, also known as Fancy Bear, gathered intelligence that could help Russia intimidate future whistleblowers following the testimony of Yulia Stepanova, who has since fled the country.

The campaign might also have been launched to try and intimidate senior decision makers, to find confidential info which could embarrass WADA, or even to obtain information which would help Moscow evade anti-doping measures in the future.

WADA issued an alert last week warning that its systems had been breached and linking the incursion to a spate of phishing emails received by some users of its portal.

It was feared at the time that the hackers may have been trying to find the current whereabouts of Stepanova and her husband, who are now in hiding in the United States after claiming they felt in danger following the decision to go to WADA about the state-sponsored doping scandal.

The WADA phishing emails used two spoofed domains designed to look like the official WADA web address.

“ThreatConnect’s Research team reviewed these domains and found that the sites were recently registered and their registration and hosting information are consistent with Russian Fancy Bear tactics, techniques, and procedures (TTPs),” the report claimed.

“Further, we also identified another domain registered by the same individuals — tas-cass[.]org — that spoofs the Court of Arbitration for Sport’s (CAS) legitimate domain.”

The firm suggested that Russian state hackers may also be using Anonymous Poland and its Twitter account to hide their activities.

The Fancy Bear group is also said to be responsible for the recently revealed long-term cyber espionage campaign against the Democratic Congressional Campaign Committee.

ThreatConnect warned that Richard McLaren and Grigory Rodchenkov – two other major figures involved in exposing Russian doping – will be on the receiving end of some further cyber operations going forward.

“Russian activity targeting these organizations is an important example of how Russia responds to wide-reaching current events that have negative implications for Moscow,” it concluded.

“Organizations involved in such events can reasonably expect to experience targeted Russian cyber operations that ultimately facilitate retaliatory influence or propaganda efforts against them.”

What’s Hot on Infosecurity Magazine?