- APT28 is at it again, targeting anti-doping agencies from around the globe.
- As we approach the Tokyo 2020 Olympics, the tensions between Russians and WADA are increasing.
- The hackers are using all their power and methods against the agencies, and Microsoft is coming to the agencies' rescue.
As we gradually approach the Tokyo 2020 Summer Olympics, Russian hackers are increasing their efforts to disrupt the operations of various anti-doping agencies. Microsoft reports that it has noticed attacks originating from the hacking group known as “Fancy Bear”, or APT28. This is a group that Microsoft has been following very closely, accusing it of attacking enterprise customers in July, and of disrupting Republican websites ahead of the midterm elections in August 2018. Now, APT28 is reportedly targeting at least 16 national and international anti-doping organizations from around the world, many of which participate in the Tokyo 2020 Olympics program.
The same group has shown its interest in this field in the past, exposing athlete data after hacking into WADA (World Anti-Doping Agency) systems during the 2016 Olympics in Rio, Brazil. Similarly, they deployed the malware named “Olympic Destroyer” against the official network of the Pyeongchang 2018 Winter Olympics, resulting in 12 hours of network disruption in the press center of the Olympic stadium. Still, the hackers are roaming free, and they can now turn to doing their favorite thing against Tokyo 2020.
Microsoft states that the recent attack wave began on September 16, with the majority of the group’s efforts not being successful. Microsoft has also informed the targets directly and is actively helping them to secure any compromised accounts and increase the resilience of their systems as we move closer to the games. Reportedly, the group is using every possible weapon and method in their arsenal, ranging from password spraying, spear-phishing, and exploitation of IoT devices to the deployment of open-source as well as custom-made and highly sophisticated malware tools. Anti-doping agencies can protect themselves by enabling two-factor authentication on their email accounts, implementing phishing detection systems, and enabling a comprehensive alerting system that parses links and files from suspicious websites.
The reason why Russian hackers want to keep on exposing anti-doping agencies is that they feel that the International Olympic Committee's 2017 ban on Russian athletes was unfair, politically motivated, and staged. The ban applied to the 2018 Olympics as well, with 35 medals since 2014 being stripped and many athletes getting life bans (some were overturned later). Russia is scheduled to participate in the 2020 Olympics, but WADA has recently stated that they are planning to revisit the review of 2018 samples that may have been manipulated. If this is found to be true, the Russian national ban will stay put for the upcoming Olympics, and APT28 is not happy about it.