Recent reports from a team of Microsoft information security specialists claim that a group of Russian hackers, sponsored by the Kremlin, is deploying a cyberattack campaign against the IT infrastructure of at least 16 sports and anti-doping organizations around the world, in a campaign related to the upcoming Tokyo 2020 Olympics.
The attacks have been presented over the past
four weeks and appear to be the retaliation for the possible decision of the
World Anti-Doping Agency (WADA) to ban all Russian athletes from any
international sporting event, including world championships and Olympics.
The attacks were attributed to the hacker group known as APT28 or Fancy Bear, also identified by Microsoft as Strontium. According to information security experts, this hacker group has deployed multiple attack variants, including spear phishing campaigns, password theft, use of custom and open source malware, as well as abuse of devices connected to Internet.
This is not the first time this Russian group
has attacked the WADA or some other sporting organization. In 2016, a cell of
APT28 posed as an Anonymous hacker group to leak millions of WADA’s internal
documents, including emails, reports on some athletes and even thousands of
reports known as Therapeutic Use Exemptions, which athletes present to the
Agency in order to consume some prohibited substances during their periods of
injury or illness.
A couple of years later, APT28 began the
deployment of malware known as OlympicDestroyer, with which they tried to
interrupt the broadcasting of the opening ceremony of the Winter Olympic Games
in Pyeongchang, South Korea. Although they did not achieve their goal,
information security experts claim that hackers were close to cutting off the
broadcast, although the incident ended only with the interruption in service of
some routers during the event.
The two attacks occurred after the
International Olympic Committee and WADA decided to ban some Russian athletes
from participating in the 2016 Summer Olympics in Rio de Janeiro and the 2018
Pyeongchang Winter Games. A few months ago, US federal authorities tracked down
some of the hackers responsible for these attacks, and also tried to link the
activities of these threat actors to some Russian intelligence officers. However,
the US authorities did not achieve any arrests.
In face of the possibility of a new ban on
Russian athletes, Microsoft considers that APT28 deploys new and more harmful
attacks against WADA. The company claims that it even has evidence to link some
signs of malicious activity with this hacker group.
Information security experts at the
International Institute of Cyber Security (IICS) mention that it is highly
likely that some of the new attacks detected by Microsoft have been successful,
even if they are only a small portion. However, as a security measure all
potentially affected company customers have already been notified.
