Fancy Bear hackers targeting anti-doping agencies ahead of Tokyo Olympics

The US indicted seven Russian intelligence agents involved in the 'fancy bear' hacks on WADA
(Image credit: Getty Images)

Microsoft's Threat Intelligence Center issued an alert on Tuesday that the Russian hacking group known as Fancy Bear (also known as Strontium or APT28) has been attempting to hack anti-doping authorities ahead of the 2020 Summer Olympics in Tokyo. 

The center said that threats to at least 16 national and international sport and anti-doping organisations began on September 16, one day before the World Anti-Doping Agency (WADA) announced it had discovered "inconsistencies" in data from the Moscow Anti-Doping Laboratory that was key to Russia's newly reinstated code compliance.

Fancy Bear hacked into the Wi-Fi networks used by anti-doping officials during the 2016 Summer Games in Rio de Janeiro, accessing an IOC official's credentials to gain access WADA's Anti-Doping Administration and Management System [ADAMS] database. 

The attack was in retaliation for the Russian team's widespread ban from the Games as a result of earlier state-sponsored doping and falsification of anti-doping tests. The hackers also attempted but failed to access UK Anti-Doping's computer systems.

From ADAMS, hackers obtained athletes Therapeutic Use Exemption (TUE) forms and published information on a number of athletes, including Bradley Wiggins, Chris Froome, Jack Bobridge, Laura Trott, Fabian Cancellara, Jacob Fuglsang, Stephen Cummings and Calum Skinner.

The US authorities indicted seven Russian intelligence officers in October, 2018 for the cyber-attack.

Microsoft said that some of the recent attacks were successful, and it has "notified all customers targeted in these attacks and has worked with those who have sought our help to secure compromised accounts or systems".

They warned that the methods used in the most recent attacks were similar to those used to target many other government and private organisations and "include spear-phishing, password spray, exploiting internet-connected devices and the use of both open-source and custom malware."

"We believe it's important to share significant threat activity like that we're announcing today. We think it's critical that governments and the private sector are increasingly transparent about nation-state activity so we can all continue the global dialogue about protecting the internet. 

"We also hope publishing this information helps raise awareness among organizations and individuals about steps they can take to protect themselves," the Microsoft statement read, recommending that users enable two-factor authentication, learn how to spot phishing schemes and to enable security alerts about links and files from suspicious websites in order to combat the threats.

Thank you for reading 5 articles in the past 30 days*

Join now for unlimited access

Enjoy your first month for just £1 / $1 / €1

*Read any 5 articles for free in each 30-day period, this automatically resets

After your trial you will be billed £4.99 $7.99 €5.99 per month, cancel anytime. Or sign up for one year for just £49 $79 €59

Join now for unlimited access

Try your first month for just £1 / $1 / €1

Cyclingnews is the world's leader in English-language coverage of professional cycling. Started in 1995 by University of Newcastle professor Bill Mitchell, the site was one of the first to provide breaking news and results over the internet in English. The site was purchased by Knapp Communications in 1999, and owner Gerard Knapp built it into the definitive voice of pro cycling. Since then, major publishing house Future PLC has owned the site and expanded it to include top features, news, results, photos and tech reporting. The site continues to be the most comprehensive and authoritative English voice in professional cycling.