The 2020 Summer Olympics will be held in Tokyo next year, and as Japan gears up for the event, it has to protect itself from sophisticated cyberattacks, mainly from state-sponsored hackers.
Microsoft has issued a short notice warning of a new wave of highly targeted cyberattacks by a group of Russian state-sponsored hackers attempting to hack several anti-doping authorities and sporting organizations around the world.
The attacks originate from the Russian hacking group 'Strontium', popularly known as Fancy Bear or APT28, and are considered to be linked to the upcoming 2020 Summer Olympics in Tokyo.
The Fancy Bear hacking group, also known as APT28, Sofacy, X-agent, Sednit, Sandworm, and Pawn Storm, is believed to be linked to the Russian military intelligence agency GRU and has been in operation since 2007.
This group has been linked to several high-profile hacking incidents, including hacking the US presidential elections to influence the results, targeting a country with NotPetya ransomware, causing blackouts in the Ukrainian capital Kiev, and a Pentagon breach, to name a few.
The latest cyberattacks began on September 16, supposedly after the World Anti-Doping Agency (WADA) found some irregularities in a database from Russia's national anti-doping laboratory and warned that Russian athletes could face a ban from competing at the Tokyo 2020 Summer Olympics.
According to Microsoft’s Threat Intelligence Center, some of these cyberattacks were successful. The company notified the affected organisations and worked with some of them to “secure compromised accounts or systems.”
Hackers Targeted 16 Sporting and Anti-Doping Organizations
Microsoft confirmed that the Fancy Bear hacking group targeted at least 16 national and international sporting and anti-doping organizations across three continents. However, the company did not reveal their identities.
The hacking techniques used by the group in the latest campaign include spear-phishing, password spray, exploiting internet-connected devices, and the use of both open-source and custom malware.
These techniques have evidently proven very effective in previous cyberattacks by Fancy Bear against governments, militaries, think tanks, law firms, human rights organizations, financial firms and universities around the world.
This is not the first time Fancy Bear hackers have targeted anti-doping organisations. During the 2016 Rio Summer Olympics, Fancy Bear leaked confidential athlete data from the World Anti-Doping Agency (WADA) in retaliation against the agency.
The group also conducted state-sponsored attacks during the Pyeongchang 2018 Winter Olympics held in South Korea. Even though the malware did not disrupt the live feed during the opening ceremony, it succeeded in disrupting the official website for the Winter Games for 12 hours, compromising Wi-Fi in the Pyeongchang Olympic stadium, and causing televisions and internet to fail at the main press center, leaving attendees unable to print their tickets for events or get venue information.
To protect your organization from becoming a victim of Fancy Bear or any similar cyberattack campaign, Microsoft has recommended deploying two-factor authentication (2FA) on all your business and personal email accounts and enabling security alerts about links and files from suspicious websites.
Also make sure that your employees are aware of phishing attacks, so that they are not tricked into providing any sort of personal data to attackers.