Skip to main content

Fancy Bear hackers targeting anti-doping agencies ahead of Tokyo Olympics

The US indicted seven Russian intelligence agents involved in the 'fancy bear' hacks on WADA
(Image credit: Getty Images)

Microsoft's Threat Intelligence Center issued an alert on Tuesday that the Russian hacking group known as Fancy Bear (also known as Strontium or APT28) has been attempting to hack anti-doping authorities ahead of the 2020 Summer Olympics in Tokyo. 

The center said that threats to at least 16 national and international sport and anti-doping organisations began on September 16, one day before the World Anti-Doping Agency (WADA) announced it had discovered "inconsistencies" in data from the Moscow Anti-Doping Laboratory that was key to Russia's newly reinstated code compliance.

Fancy Bear hacked into the Wi-Fi networks used by anti-doping officials during the 2016 Summer Games in Rio de Janeiro, accessing an IOC official's credentials to gain access WADA's Anti-Doping Administration and Management System [ADAMS] database. 

The attack was in retaliation for the Russian team's widespread ban from the Games as a result of earlier state-sponsored doping and falsification of anti-doping tests. The hackers also attempted but failed to access UK Anti-Doping's computer systems.

From ADAMS, hackers obtained athletes Therapeutic Use Exemption (TUE) forms and published information on a number of athletes, including Bradley Wiggins, Chris Froome, Jack Bobridge, Laura Trott, Fabian Cancellara, Jacob Fuglsang, Stephen Cummings and Calum Skinner.

The US authorities indicted seven Russian intelligence officers in October, 2018 for the cyber-attack.

Microsoft said that some of the recent attacks were successful, and it has "notified all customers targeted in these attacks and has worked with those who have sought our help to secure compromised accounts or systems".

They warned that the methods used in the most recent attacks were similar to those used to target many other government and private organisations and "include spear-phishing, password spray, exploiting internet-connected devices and the use of both open-source and custom malware."

"We believe it's important to share significant threat activity like that we're announcing today. We think it's critical that governments and the private sector are increasingly transparent about nation-state activity so we can all continue the global dialogue about protecting the internet. 

"We also hope publishing this information helps raise awareness among organizations and individuals about steps they can take to protect themselves," the Microsoft statement read, recommending that users enable two-factor authentication, learn how to spot phishing schemes and to enable security alerts about links and files from suspicious websites in order to combat the threats.