Fancy Bear, the Russian-sponsored hacker group, recently conducted “significant cyberattacks” on 16 national and international sports and anti-doping organizations, and at least some of the offensives were successful, Microsoft said on Monday.
The attacks began on September 16, just days ahead of news reports that the World Anti-Doping Agency, often known as WADA, had opened proceedings against Russian athletes after finding inconsistencies in lab data. Those proceedings, which involve the manipulation of thousands of anti-doping tests, could lead to the ouster of the Russian athletes.
The attacks are only the latest brazen steps the group has taken to shield against or retaliate for allegations of cheating by Russian Olympic athletes. In 2016, WADA blamed Fancy Bear for a hack that stole confidential medical data. The hackers then published the data, which included the drug regimens of Simon Biles, Serena and Venus Williams, and other athletes, in an attempt to paint them as flouters of WADA regulations. Two years later, hackers WADA identified as Fancy Bear published private emails taken from the International Olympic Committee. The action came after Russia was banned from the Winter Olympics. That same year, Fancy Bear struck the Olympics again with a hack that disrupted ticket sales, Wi-Fi networks, and other functions at the opening of the Winter Olympics. In an attempt to fly a false flag that implicated other nations, Fancy Bear crafted the malware used in the attack with file names and other characteristics used by North Korean and Chinese hacking groups. Microsofts report on Monday didnt identify any of the 16 sports and anti-doping organizations by name. The company did, however, say that the group behind the attacks was Strontium, Microsofts internal name for Fancy Bear, which is also known as APT28, Pawn Storm, Sofacy, Sednit, and Tsar Team. The company had already singled out Strontium twice in the past three months, once in July, in a post detailing the most prolific nation-sponsored hacking groups and again in August in an advisory about IoT hacks used as beachheads to more deeply access sensitive networks.
“The methods used in the most recent attacks are similar to those routinely used by Strontium to target governments, militaries, think tanks, law firms, human rights organizations, financial firms and universities around the world,” Tom Burt, Microsofts corporate vice president of customer security & trust, wrote. “Strontiums methods include spear-phishing, password spray, exploiting internet-connected devices and the use of both open-Read More – Source