Microsoft claims that Russian hackers from the Fancy Bear group (aka Strontium and APT28) are attacking anti-doping organizations ahead of the Tokyo Olympics next year.
According to the company, at least 16 anti-doping organizations have already been attacked. “At least 16 national and international sporting and anti-doping organizations across three continents were targeted in these attacks which began September 16th, just before news reports about new potential action being taken by the World Anti-Doping Agency,” Microsoft's information security specialists report.
Fancy Bear used its standard techniques: targeted phishing, password spraying (the same password is tried against many different usernames in the hope of finding a poorly protected account), attacks on IoT devices, and all kinds of malware, including open source and custom.
According to Microsoft, some of these attacks were successful, but most were not.
“Microsoft has notified all customers targeted in these attacks and has worked with those who have sought our help to secure compromised accounts or systems,” the company said.
The attacks occurred in September 2019, after the World Anti-Doping Agency (WADA) announced that it might ban Russian athletes from sports events, including the upcoming World Championships and the Olympic Games.
This is not the first time APT28 has attacked sports and anti-doping organizations. For example, in 2016 the group compromised WADA and published a number of documents stolen from the organization, including doping tests of American athletes.
In 2017, Fancy Bear was associated with an attack on the International Association of Athletics Federations. Finally, in 2018 the Olympic Destroyer malware appeared; it was used for attacks during the Winter Olympic Games in Pyeongchang, and was later seen in attacks against financial organizations in Russia, as well as biological and chemical threat prevention laboratories in Europe and Ukraine.
Many believe that these incidents were a kind of response by the Russian authorities and “government hackers” to the bans imposed on some Russian athletes (bans on participation in the 2016 Summer Olympic Games in Rio and the Winter Olympic Games in Pyeongchang in 2018).
How can organizations protect data from attacks by annoyed Russian hackers? (Tips from Microsoft).
We think it’s critical that governments and the private sector are increasingly transparent about nation-state activity so we can all continue the global dialogue about protecting the internet.
You can protect yourself from these types of attacks in at least three ways. We recommend, first, that you enable two-factor authentication on all business and personal email accounts. Second, learn how to spot phishing schemes and protect yourself from them. Third, enable security alerts about links and files from suspicious websites.
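Password spraying, as described earlier in this article, leaves a recognizable pattern in sign-in logs: one source fails against many accounts, with only one or two attempts per account. The following is an added example, not code from Microsoft or from the original article, that detects this pattern; the event format, thresholds, IP addresses and usernames are all constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

def _ev(minute, src, user, ok=False):
    # Helper for building the constructed sample events below.
    return (datetime(2024, 1, 1, 9, minute), src, user, ok)

# Constructed sign-in events: (time, source IP, username, success).
# IPs come from documentation ranges; none of this is real log data.
EVENTS = (
    [_ev(i, "203.0.113.7", u) for i, u in
     enumerate(["alice", "bob", "carol", "dave", "erin", "frank"])]
    + [_ev(7, "203.0.113.7", "grace", ok=True)]                 # spray that hit
    + [_ev(i, "198.51.100.20", "alice") for i in range(10, 16)]  # one-account guessing
    + [_ev(20, "192.0.2.44", "bob"), _ev(21, "192.0.2.44", "bob", ok=True)]  # typo
)

def detect_spray(events, window=timedelta(minutes=30), min_users=5, max_per_user=2):
    """Map each spraying source to the accounts it failed against.

    A source is flagged when, inside one time window, its failed sign-ins
    cover at least min_users distinct accounts with at most max_per_user
    attempts on any single account (thresholds are assumptions to tune).
    """
    failures = defaultdict(list)
    for ts, src, user, ok in events:
        if not ok:
            failures[src].append((ts, user))
    flagged = {}
    for src, rows in failures.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Slide the window start forward until it spans <= window.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            counts = Counter(user for _, user in rows[start:end + 1])
            if (len(counts) >= min_users and max(counts.values()) <= max_per_user
                    and len(counts) > len(flagged.get(src, []))):
                flagged[src] = sorted(counts)
    return flagged

def accounts_to_reset(events, flagged):
    """Accounts a flagged source signed in to successfully: reset these first."""
    return sorted({(src, user) for _, src, user, ok in events if ok and src in flagged})

if __name__ == "__main__":
    hits = detect_spray(EVENTS)
    print(hits)
    print(accounts_to_reset(EVENTS, hits))
```

Grouping by source IP misses spraying that is spread across many addresses, so the same counting can also be run per time window across all sources.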