Notorious hacking group Strontium (also known as Fancy Bear, APT28, Sofacy or Sednit) has recently launched a slew of cyberattacks aimed at anti-doping and sports-related organizations ahead of the Tokyo Olympics in 2020, Microsoft warned.
In a brief report the company said that the attacks it detected began on September 16, just before the news from the World Anti-Doping Agency (WADA) about inconsistencies found in a database from Russia's national anti-doping laboratory. The group targeted at least 16 national and international organizations across three continents. The company did not name any specific targets, but said that the majority of the attacks were unsuccessful.
As for the techniques used in the recent attacks, Microsoft says that Strontium leveraged its usual methods previously seen in the campaigns targeting governments, militaries, think tanks, law firms, human rights organizations, financial firms and universities around the world. These methods include spear-phishing, password spray, exploiting internet-connected devices and the use of both open-source and custom malware, the researchers say.
It is unclear how many agencies were hacked, but the company says that it notified its customers affected by the attacks and worked with those seeking help to secure compromised accounts or systems.
Anti-doping organizations have for a long time long been a subject of interest to Strontium. For example, the group was linked to incidents in 2016 and 2018 in which emails and medical records stolen from sporting organizations and anti-doping officials were made public, leading to a 2018 indictment in federal court in the United States.