Summer Olympics Battle Fancy Bear
Fancy Bear, also known as APT28, Strontium, and Sofacy, is the Russian hacker group made famous by their attacks on the International Olympic Committee of 2018. It is sad to say their campaigns are at it again, targeting the Tokyo Summer Olympics, set for July 2020.
Fancy Bear, the widely accepted Russian state-sponsored hacking group hit the 2018 Olympics in phishing attacks towards the World Anti-Doping Agency (WADA) and the Berlinger Group, a drug test bottling company. Fancy Bears where able to access the WADA database and released the medical records and emails for U.S. Olympic gymnastics phenom Simone Biles, as well as tennis stars Serena Williams, and Rafael Nadal.
This was apparently in retaliation for the ban of Russian athletes due to doping regulations in the 2018 Winter Olympics. These attacks led to the U.S. charging members of the Fancy Bear team that year with computer hacking, wire fraud, aggravated identity theft, and money laundering.
At least 16 anti-doping authorities and global sporting corporations have been hit hard by hackers as they ready themselves for the Tokyo Summer Olympic Games.
Starting in mid-September, this round of attacks has been tied to Fancy Bear through their methods, which Microsoft have pointed out are commonly utilized by Strontium to attack governments, militaries, and human rights groups internationally. These methods typically include spear phishing and both open-source and custom malware.
Why hit WADA again?
Not only are the Summer Olympics fast approaching but WADA issued a warning in September that Russia may face yet another major ban from all the sporting events, as discrepancies were found in a Russian lab database.
WADA speaks out
A WADA spokesperson has denied any evidence of a breach on their systems and were quick to point out that they are on top of using all technological advancements to ensure their users safety.
“WADA takes the issue of cyber-security extremely seriously,” ..As a matter of course, the Agency closely and continually monitors all its systems, regularly updating and strengthening its defenses ‘.”
Microsoft, rather than engaging with WADA’s denials around being hacked, has simply pointed out that anti-doping and sporting organization employees enable multi - factor authentication on all business and personal email accounts, take training on phishing detection, and enable security alerts about links and files from doubtful websites.
Whilst this has been going on, over the past week, hackers posing as Fancy Bear attackers were noticed initiating DDoS attacks against Financial enterprises and demanding ransom payments.
Whether this group can be tied to the real Fancy Bear or not is still unknown. The threat on the other hand from these State-sponsored hacktivists is very real.
Key Take Away
The World Anti-Doping Agency, along with other Olympic committees need to vastly improve their cybersecurity game plan if they are planning to limit Russian entry at Tokyo 2020.