Russian State Hackers Target Anti-Doping Agency Ahead of Olympics

Written by

Microsoft has warned that Russian state-backed hackers are targeting sporting and anti-doping organizations yet again in the run up to the next Olympic Games in Tokyo.

The group known as Strontium (aka APT 28, Fancy Bear), has been trying to infiltrate at least 16 national and international organizations, with some success, according to Tom Burt, Redmond’s corporate VP of security and trust.

“The methods used in the most recent attacks are similar to those routinely used by Strontium to target governments, militaries, think tanks, law firms, human rights organizations, financial firms and universities around the world,” he explained.

“Strontium’s methods include spear-phishing, password spray, exploiting internet-connected devices and the use of both open-source and custom malware.”

It’s unclear what they hackers hoped to harvest, but Burt noted that the attacks, which spanned three continents, began on September 16, just before reports emerged that Russia could be facing expulsion from the Olympics and other major sporting events over continued doping irregularities.

The World Anti-Doping Agency (WADA) claimed last month that critical data had been deleted from a database by the Russian authorities, before it was handed over to the agency as a pre-condition of the country being reintegrated into the global sporting fold.

Russian athletes have been banned for the past three years from competing on the world stage after a state-sponsored doping operation was uncovered.

It could be that the hackers are looking for evidence of doping by other countries, to help its cause. The group is said to have published medical records and emails taken from sporting and anti-doping organizations in 2016 and 2018, resulting in a 2018 indictment in federal court in the United States

“We think it’s critical that governments and the private sector are increasingly transparent about nation-state activity so we can all continue the global dialogue about protecting the internet,” Burt argued. “We also hope publishing this information helps raise awareness among organizations and individuals about steps they can take to protect themselves.”

Microsoft urged organizations to put in place two-factor authentication on all business and personal  accounts, train staff in how to spot phishing schemes, and enable security alerts about links and files from suspicious sites.

What’s hot on Infosecurity Magazine?