Pierluigi Paganini October 29, 2019

Russia-linked cyber-espionage group Fancy Bear has carried out multiple cyberattacks targeting sporting and anti-doping organizations across the world.

Microsoft revealed that Russia-linked cyber-espionage group Fancy Bear (aka APT28, Sednit, Sofacy, Zebrocy, and Strontium) has carried out multiple cyberattacks targeting sporting and anti-doping organizations across the world.

According to the tech giant, Russian cyber spies have targeted at least 16 agencies across three continents.

“Today we’re sharing that the Microsoft Threat Intelligence Center has recently tracked significant cyberattacks originating from a group we call Strontium, also known as Fancy Bear/APT28, targeting anti-doping authorities and sporting organizations around the world.” reads the post published by Microsoft. “At least 16 national and international sporting and anti-doping organizations across three continents were targeted in these attacks which began September 16^th, just before news reports about new potential action being taken by the World Anti-Doping Agency.”

The attacks began on September 16, 2019, while the World Anti-Doping Agency was warning that Russia could face a ban from all major sports events over “discrepancies” in a lab database.

According to Russian whistleblowers, the Russian Anti-Doping Agency (RUSADA) was enabling systemic doping in athletics

After the revelations, the Russia team was suspended from participating in the 2018 Winter Olympics. Now the results of new investigations conducted by the WADA could jeopardize participation in the 2020 Tokio Olympic Games.

Microsoft revealed that only a small portion of the new wave of attacks was successful. The company has already notified all impacted customers and worked with them to secure compromised accounts or systems.

The TTPs used in the most recent attacks are similar to those observed in attacks against governments, militaries, think tanks, law firms, human rights organizations, financial firms and universities around the world.

State-sponsored hackers used multiple attack methods, including spear-phishing, password spray, exploiting internet-connected devices and malware.

In October 2018, the US DoJ indicted seven Russian Intelligence officers for attacking Anti-Doping Organizations.

The hackers were involved in a cyber operation aimed at discrediting the international anti-doping organizations and officials that revealed athlete doping program sustained by Moscow.

The GRU officers hacked into the accounts of officials at the anti-doping organizations to steal confidential data and spread them to and delegitimize the victims.

According to prosecutors, defendants also attempted to spread the fake news on doping programs followed by athletes from other countries.

In September 2016, hackers breached the World Anti-Doping Agency (WADA) and have stolen Olympic athletes’ medical records, the hack was confirmed by the agency. According to the WADA, the hackers accessed the Anti-Doping Administration and Management System (ADAMS) database.

The hackers obtained access to the system by stealing credentials through a spear-phishing attack against an “International Olympic Committee (IOC)-created account for the Rio 2016 Games.”

“As we’ve said in the past, we believe it’s important to share significant threat activity like that we’re announcing today. We think it’s critical that governments and the private sector are increasingly transparent about nation-state activity so we can all continue the global dialogue about protecting the internet.” concludes Microsoft.”We also hope publishing this information helps raise awareness among organizations and individuals about steps they can take to protect themselves.”

Pierluigi Paganini

(SecurityAffairs – Fancy Bear, anti-doping)

[adrotate banner=”5″]

[adrotate banner=”13″]