Recent reports from a team of Microsoft information security specialists claim that a group of Russian hackers, sponsored by the Kremlin, is running a cyberattack campaign against the IT infrastructure of at least 16 sports and anti-doping organizations around the world, related to the upcoming Tokyo 2020 Olympics.
The attacks have taken place over the past four weeks and appear to be retaliation for the possible decision of the World Anti-Doping Agency (WADA) to ban all Russian athletes from any international sporting event, including world championships and the Olympics.
The attacks were attributed to the hacker group known as APT28 or Fancy Bear, also identified by Microsoft as Strontium. According to information security experts, this hacker group has deployed multiple attack variants, including spear phishing campaigns, password theft, use of custom and open-source malware, as well as abuse of devices connected to the Internet.
This is not the first time this Russian group has attacked WADA or another sporting organization. In 2016, a cell of APT28 posed as an Anonymous hacker group to leak millions of WADA's internal documents, including emails, reports on some athletes and even thousands of reports known as Therapeutic Use Exemptions, which athletes submit to the Agency in order to use certain prohibited substances during periods of injury or illness.
A couple of years later, APT28 began deploying malware known as OlympicDestroyer, with which they tried to interrupt the broadcast of the opening ceremony of the Winter Olympic Games in Pyeongchang, South Korea. They did not achieve their goal, but information security experts claim that the hackers came close to cutting off the broadcast; the incident ended only with the interruption in service of some routers during the event.
The two attacks occurred after the International Olympic Committee and WADA decided to ban some Russian athletes from participating in the 2016 Summer Olympics in Rio de Janeiro and the 2018 Pyeongchang Winter Games. A few months ago, US federal authorities tracked down some of the hackers responsible for these attacks, and also tried to link the activities of these threat actors to some Russian intelligence officers. However, the US authorities did not make any arrests.
In the face of a possible new ban on Russian athletes, Microsoft believes that APT28 is deploying new and more harmful attacks against WADA. The company claims that it even has evidence linking some signs of malicious activity to this hacker group.
Information security experts at the International Institute of Cyber Security (IICS) mention that it is highly likely that some of the new attacks detected by Microsoft have been successful, even if only a small portion. However, as a security measure, all potentially affected customers of the company have already been notified.