Facing possible exclusion from the 2020 Summer Olympics in Tokyo and other major athletic events, Russia once again has been attempting to hack anti-doping agencies and sports organizations, Microsoft reported yesterday.
In attacks that started on Sept. 16, the reputed Russian APT Fancy Bear targeted at least 16 national and international sports organizations across three continents, wrote Tom Burt, corporate vice president, customer security and trust at Microsoft, in a company blog post.
The Microsoft Threat Intelligence Center has been tracking the activity and found that while some attacks were successful, most were not. “The methods used in the most recent attacks are similar to those routinely used” by the APT group, said Burt, including “spear-phishing, password spray, exploiting internet-connected devices and the use of both open-source and custom malware.”
“Microsoft has notified all customers targeted in these attacks and has worked with those who have sought our help to secure compromised accounts or systems,” Burt continued.
Reports are swirling that Russia may be banned from Olympic competition in 2020 due to discrepancies in lab data it submitted to the World Anti-Doping Agency as a condition for full reinstatement into Olympic competition. Certain Russians were banned from the 2016 and 2018 Olympics, while others were forced to compete under a neutral flag in 2018 as punishment for Russia’s state-sanctioned doping program.
The Russian Anti-Doping Agency (RUSADA) sent its lab drug test data to WADA last January, but some of the results reportedly appeared to be deleted. After WADA opened up an official inquiry last September, Russian officials responded with explanations that are currently under review. WADA’s findings could also decide if Russia is denied entry into the football World Cup in 2022.
Fancy Bear allegedly has previously hacked into anti-doping and sporting agencies, as part of a hacking and disinformation campaign seeking to discredit or embarrass anti-doping organizations and non-Russian athletes. This campaign was allegedly a retaliatory act following the exposure of Russia’s institutionalized doping campaign.
In 2018, the U.S. indicted several officers in Russia’s Main Intelligence Directorate (GRU) military intelligence agency over these hacks, in addition to other cyber operations. To carry out the plot, the defendants allegedly used spear phishing and local hacking techniques to gain unlawful access to networks and data belonging to around 40 sporting organizations, including WADA, the U.S. Anti-Doping Agency, the Canadian Centre for Ethics in Sport (CCES), the International Association of Athletics Federations and FIFA. Some of this data included highly confidential and sensitive medical records.
The stolen information was then strategically cherry-picked, modified and released to reporters and media outlets in order to support Russian perspectives on the scandal, making it look like anti-doping agencies were unfairly singling out Russia while overlooking abuses of the system by other international athletes.