Some of the attacks were successful but the majority were not, according to a report by Microsoft’s Threat Intelligence Center. The hacks began on Sept. 16 and originated with a hacking group called Strontium, which is also known as Fancy Bear/Apt28, the company said in a blog post.
APT 28 has been linked to the Russian government by cybersecurity researchers, including Crowdstrike and FireEye, and the U.K. Last year, Microsoft President Brad Smith described Strontium as "a group widely associated with the Russian government” in a statement.
Tom Burt, Microsoft’s vice president of customer security and trust, said the methods used in the most recent attack are similar to previous attacks by Strontium against various targets, including governments, militaries, think tanks and financial companies. The methods include spearfishing attacks, exploiting internet-connected devices and using both open-source and custom malware, he said.
Microsoft didn’t identify the anti-doping and sport agencies that were targeted in the attacks.
The U.S. charged Russian intelligence officers with hacking anti-doping organizations in 2018.
Russia was accused of operating a state-sponsored doping program prior to, during and after the 2014 Winter Olympics in Sochi, Russia. As a result, about 111 Russian athletes were barred from competing in the 2016 Summer Olympics in Rio de Janeiro following a report from the World Anti-Doping Agency. Russian athletes were later banned entirely from the 2018 Winter Olympic Games, with some exceptions made for athletes to compete while not representing Russia.
A week after Microsoft says the hacking attacks began in September, the World Anti-Doping Agency said it found “inconsistencies” in lab data provided to the agency from a laboratory in Moscow. The agency gave Russian authorities three weeks to respond to the inconsistencies.
©2019 Bloomberg News. Distributed by Tribune Content Agency, LLC.
