
MS accuses Russian group of cyber attacks ahead of Olympics

By Admire Moyo, ITWeb's news editor.
Johannesburg, 29 Oct 2019
The 2020 Summer Olympics is scheduled to take place from 24 July to 9 August in Tokyo, Japan.

A cyber criminal group is targeting anti-doping authorities and sporting organisations around the world ahead of the 2020 Summer Olympics set for Tokyo.

This is according to the Microsoft Threat Intelligence Centre, which has tracked significant cyber attacks originating from a group it calls Strontium, also known as Fancy Bear/APT28.

Fancy Bear is a Russian cyber espionage group. Cyber security firm CrowdStrike has said with a medium level of confidence that it is associated with the Russian military intelligence agency, GRU.

The UK's Foreign and Commonwealth Office, as well as security firms SecureWorks, ThreatConnect and FireEye’s Mandiant, have also said the group is sponsored by the Russian government.

In 2018, an indictment by the US Special Counsel identified Fancy Bear as two GRU units known as Unit 26165 and Unit 74455.

“As the world looks forward with anticipation to the Tokyo Summer Games in 2020, we thought it important to share information about this new round of activity,” says Tom Burt, Microsoft’s corporate vice-president for customer security and trust, in a blog post.

According to Microsoft, at least 16 national and international sporting and anti-doping organisations across three continents were targeted in these attacks, which began on 16 September, just before news reports about new potential action being taken by the World Anti-Doping Agency.

“Some of these attacks were successful, but the majority were not. Microsoft has notified all customers targeted in these attacks and has worked with those who have sought our help to secure compromised accounts or systems,” says Burt.

The World Anti-Doping Agency recently warned that Russia could face a ban from all major sports events over “discrepancies” in a lab database, says a BBC report.

It adds the country has been given three weeks to explain “inconsistencies” or risk being excluded from the Olympics and world championships.

Earlier this year, a dozen world-class Russian track and field athletes, with Olympic gold medallists among them, were handed doping bans and stripped of their medals.

Russian officials have denied the doping was state-sponsored.

Microsoft says this is not the first time Strontium has targeted such organisations. It notes the group reportedly released medical records and e-mails taken from sporting organisations and anti-doping officials in 2016 and 2018, resulting in a 2018 indictment in federal court in the US.

“The methods used in the most recent attacks are similar to those routinely used by Strontium to target governments, militaries, think tanks, law firms, human rights organisations, financial firms and universities around the world,” says Burt.

He points out that Strontium’s methods include spear-phishing, password spray, exploiting Internet-connected devices and the use of both open source and custom malware.

“We’ve previously announced separate Strontium activity we’ve seen targeting organisations involved in the democratic process and have described the legal steps we routinely take to prevent Strontium from using fake Microsoft Internet domains to execute its attacks.

“Additionally, the data and information we learn from our disruption work is used to improve the security and security features of our products and services.

“As we’ve said in the past, we believe it’s important to share significant threat activity like that we’re announcing today. We think it’s critical that governments and the private sector are increasingly transparent about nation-state activity so we can all continue the global dialogue about protecting the Internet.”
