As Japan prepares for the 2020 Summer Olympics in Tokyo, concerns are escalating about potential sophisticated cyberattacks from state-sponsored hackers. Microsoft has issued a warning about a recent surge in targeted attacks against various anti-doping agencies and sporting organizations globally, attributed to a group of Russian state-sponsored hackers known as Strontium and more widely recognized as Fancy Bear (APT28).
These attacks, linked to the impending Olympics, aim to compromise the integrity and operations of organizations tasked with maintaining fair play in sports. Fancy Bear, a hacking group believed to be associated with Russia’s military intelligence agency (GRU), has a history of high-profile hacking incidents that include interference in the US presidential elections, large-scale ransomware attacks like NotPetya, and disruption of critical infrastructure in Ukraine.
Recently, the group intensified its actions after the World Anti-Doping Agency (WADA) detected anomalies in data from Russia’s national anti-doping laboratory. This discovery prompted warnings that Russian athletes might face bans from competing in the Tokyo games. Microsoft’s Threat Intelligence Center reported that while some of these cyber incursions were successful, the majority failed. The company has been actively notifying affected organizations and aiding in the security of compromised systems.
Microsoft further disclosed that Fancy Bear has conducted attacks against at least 16 sporting and anti-doping organizations across three continents. The methods used in these attacks included spear-phishing, password spraying, and exploiting vulnerabilities in internet-connected devices. These well-documented techniques, while not novel, have proven highly effective in past operations against diverse targets, including governments and large enterprises around the world.
This is not the first time Fancy Bear has targeted anti-doping organizations. During the Rio 2016 Olympics, the group leaked confidential athlete data from WADA in retaliation for measures taken against Russian athletes. The group’s malicious activities also reportedly extended to the Pyeongchang 2018 Winter Olympics in South Korea, where they deployed the Olympic Destroyer malware to obstruct official networks, impacting communications and event operations for hours.
To counteract risks associated with such cyber threats, cybersecurity experts, including those from Microsoft, recommend implementing two-factor authentication (2FA) across all business and personal email accounts and activating alerts for any suspicious links or files. Furthermore, educating employees about recognizing phishing attempts can equip organizations to guard against compromises of their sensitive data.
Mapped to the MITRE ATT&CK framework, the Fancy Bear group likely combined initial access and execution tactics, using phishing to gain initial entry and then various persistence and privilege escalation techniques to maintain access to and control over targeted systems. As the date for the Tokyo 2020 Olympics approaches, vigilance and proactive cybersecurity measures will be crucial for organizations in the sports and anti-doping sectors to mitigate potential risks.
This ongoing situation underlines the importance of cybersecurity readiness in the face of evolving threats. Organizations must remain vigilant and prepared to defend against sophisticated cyberattacks to protect their integrity and operational capabilities in the lead-up to major international events.