Microsoft: Russian-linked hackers targeted at least 16 athletic organizations ahead of Tokyo Olympics
Microsoft on Monday revealed that a group of Russian state-sponsored hackers that calls itself “Strontium” (also commonly known as APT28 or Fancy Bear) has made “significant” attacks on anti-doping authorities and global sporting organizations across three continents since September 16th. The group could affect the Tokyo 2020 Olympic Games, the company warned.
“Today we’re sharing that the Microsoft Threat Intelligence Center has recently tracked significant cyberattacks originating from a group we call Strontium, also known as Fancy Bear/APT28, targeting anti-doping authorities and sporting organizations around the world. As the world looks forward with anticipation to the Tokyo Summer Games in 2020, we thought it important to share information about this new round of activity,” Tom Burt, Microsoft’s Corporate Vice President for Customer Security & Trust said in a blog post.
“At least 16 national and international sporting and anti-doping organizations across three continents were targeted in these attacks which began September 16th, just before news reports about new potential action being taken by the World Anti-Doping Agency.”
According to Microsoft, some of these attacks found in recent weeks were successful, but majority of them were not. The company has notified all customers targeted in these attacks and have worked to secure compromised accounts or systems.
Strontium is the same group that is responsible for hacking the Democratic National Committee (DMC) in 2016, as well as previous cyberattacks on sports and antidoping officials between 2014 and 2018. It was also linked to a 2018 incident in which emails stolen from athletic officials and anti-doping investigators were disclosed to the public.
According to Microsoft, the group had begun their attacks days before the World Anti-Doping Agency (WADA) threatened to ban Russian athletes from the Olympics and other major sporting events after finding “inconsistencies” in compliance with anti-doping standards.
“The methods used in the most recent attacks are similar to those routinely used by Strontium to target governments, militaries, think tanks, law firm, human rights organizations, financial firms and universities around the world,” Burt wrote. “Strontium’s methods include spearphishing, password spray, exploiting internet-connected devices and the use of both open-source and custom malware.”
With the threat posed by Strontium, the company believes that by raising awareness of these cyber risks to organizations and individuals ahead of the 2020 Summer Olympics in Tokyo would help them take steps to protect themselves.
The company recommends using two-factor authentication on all business and personal email accounts, learning how to spot phishing schemes and enable security alerts about links and files from suspicious websites.