Fancy Bear hackers target anti-doping agencies ahead of Tokyo 2020 Olympics

The infamous Fancy Bear hackers have carried out multiple cyberattacks against anti-doping agencies ahead of the Tokyo 2020 Olympics.

Details of the hacks were published by the Microsoft Threat Intelligence Centre, which revealed that the cyber criminal organisation attacked at least 16 national and international doping authorities.

Fancy Bear, also known as Strontium and APT28, previously hit headlines in 2016 when they published data stolen from the World Anti-Doping Agency (WADA), including details of Sir Bradley Wiggins’s controversial Therapeutic Use Exemption (TUE).

The fallout from the Wiggins revelations were significant, resulting in a committee of MPs saying Team Sky “crossed an ethical line” by giving the 2012 Tour de France winner triamcinolone.

In a blog post, published on Tuesday (October 29), Microsoft’s corporate vice president for customer security, Tom Burt, said: “Today we’re sharing that the Microsoft Threat Intelligence Centre has recently tracked significant cyberattacks originating from a group we call Strontium, also known as Fancy Bear/APT28, targeting anti-doping authorities and sporting organisations around the world.

“As the world looks forward with anticipation to the Tokyo Summer Games in 2020, we thought it important to share information about this new round of activity.”

Microsoft has revealed that the 16 attacks began on September 16, just before new reports revealed WADA was considering banning Russia from the Olympics because discrepancies at the Moscow anti-doping lab.

Some of the attacks were successful, Microsoft said, but the majority were not. Everyone affected by the hacks has been notified.

Fancy Bear used the same techniques they have used to target governments, militaries, think tanks, law firms, human rights organisations, financial firms and universities, including spear-phishing (fraudulent emails), password spray (trying common passwords), exploiting internet-connected devices, and the use of open-source and custom malware.

The previous campaign against anti-doping organisations, between December 2014 and at least May 2018, was aimed to discredit the efforts of the organisations and officials who had exposed Russian state-sponsored doping, which resulted in more than 100 Russian athletes being excluded from competing in the 2016 Rio Olympics.

As a result of the hacks between 2014 and 2018, the US Department of Justice indicted seven Russian intelligence officers for computer hacking, wire fraud, aggravated identity theft and money laundering.