Fancy Bear has begun targeting anti-doping authorities and sporting organizations ahead of the 2020 Summer Olympic Games.
On October 28, the Microsoft Threat Intelligence Center revealed that it had identified at least 16 national and international organizations targeted by these attacks.
Microsoft’s analysis of these campaigns revealed that Fancy Bear, which also goes by “Strontium” and “APT28,” initiated these attacks on September 16. It also uncovered that the techniques employed by the threat group were similar to those used in some of its previous operations.
Tom Burt, corporate vice president of customer security & trust at Microsoft, clarified these similarities in the company’s disclosure of the campaign:
“The methods used in the most recent attacks are similar to those routinely used by Strontium to target governments, militaries, think tanks, law firms, human rights organizations, financial firms and universities around the world. Strontium’s methods include spear-phishing, password spray, exploiting internet-connected devices and the use of both open-source and custom malware.”
The threat group has targeted anti-doping organizations before. In 2016, for instance, the World Anti-Doping Agency confirmed that Fancy Bear had accessed its Anti-Doping Administration and Management System (ADAMS) and publicly posted some of the information held in that system. That data showed how several U.S. athletes had received permission to participate at the Rio 2016 Olympics despite testing positive for substances that the International Olympic Committee had previously banned.
Researchers at Microsoft found that only a minority of this most recent campaign’s attacks were successful. In those cases, the tech giant reached out to affected organizations and offered its assistance in restoring their compromised systems and accounts.
The Microsoft Threat Intelligence Center urged organizations to defend themselves against attacks launched by Fancy Bear and similar threat groups by implementing multi-factor authentication, using security awareness training to educate their employees about the most common types of phishing campaigns and enabling security alerts on files and links that originate from suspicious websites.