Microsoft announced on Monday that Russian hacker group Fancy Bear, also known as APT28 and Strontium, has begun targeting anti-doping authorities and sporting organisations around the world ahead of the Tokyo Summer Games in 2020.
Microsoft said in a press release that these attacks began on September 16th and that some of them have been successful. The tools being used by Fancy Bear in its latest campaign are similar to those used during its previous campaigns, when it targeted governments, militaries, think tanks, law firms, human rights organisations, financial firms and universities around the world.
“At least 16 national and international sporting and anti-doping organisations across three continents were targeted in these attacks which began September 16th, just before news reports about new potential action being taken by the World Anti-Doping Agency.
“Some of these attacks were successful, but the majority were not. Microsoft has notified all customers targeted in these attacks and has worked with those who have sought our help to secure compromised accounts or systems,” Microsoft said.
The software giant added that Fancy Bear has been using a variety of tools and methods to target organisations, such as spear-phishing, password spray, exploiting internet-connected devices and the use of both open-source and custom malware. The group also targeted sporting and anti-doping organisations using these tools and tactics in 2016 and 2018.
“You can protect yourself from these types of attacks in at least three ways. We recommend, first, that you enable two-factor authentication on all business and personal email accounts. Second, learn how to spot phishing schemes and protect yourself from them. Third, enable security alerts about links and files from suspicious websites,” the company added.
Fancy Bear has been targeting sporting organisations since 2016
“It should come as no surprise that Russia is using all its tools of the state to win. After all, hundreds of Russian athletes have been banned over the years for doping at previous Olympics. Once a cheat always a cheat. And what better way to bring a smile to the face of Putin than through the potentially embarrassing release of PII on American, British, German or French athletes,” says Sam Curry, chief security officer at Cybereason.
“Russia has historically used subterfuge, doping, espionage and clandestine options for everything from cheating in sports to rigging elections. It should come as no surprise that they are seeking an unfair advantage in a domain of competition like the Olympics.
“With population pressure and declining influence, this is a logical move and it’s no surprise that we see them in the Crimea, in foreign elections and now selling Olympic gold in 2020 by hook or crook. Expect more of this with hacking combined with espionage, bribery, blackmail, kidnapping and more. Once someone has broken the rules of engagement to pursue a victory at any cost, the on-ramp to a super highway of more nefarious activity is open,” he adds.
In August last year, Microsoft said that it had taken down six domains owned by Fancy Bear that spoofed domains belonging to democratic institutions and think-tanks in the U.S., such as the International Republican Institute and the Hudson Institute, taking the total number of fake websites associated with the group to 84.
In January 2018, security researchers at ThreatConnect revealed that Fancy Bear had created several domains that were designed to spoof legitimate domains owned by the likes of the World Anti-Doping Agency (WADA), the US Anti-Doping Agency (USADA), and the Olympic Council of Asia (OCASIA). The campaign was carried out in response to the ban imposed on Russia from participating in the Winter Olympics hosted by South Korea.
Back in 2016, following WADA’s decision to ban Russian athletes from the Rio Olympics due to a large-scale state-backed doping programme, Fancy Bear also hacked into the World Anti-Doping Agency’s servers and released documents that contained details of hundreds of athletes who failed dope tests in 2015 and 2016.
In March last year, Fancy Bear was also believed to be behind a cyber attack on systems belonging to the UK’s Anti-Doping Agency that fortunately failed to compromise any sensitive information.
“We took the necessary steps to investigate and resolve the situation. No core activity, including our testing programme, has been impacted. We are satisfied that we have appropriate levels of cyber security in place, and we continually review our systems and measures to ensure they are of a very high standard,” ADA said.