430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

APT

Fancy Bear continues to target sporting and anti-doping organizations

Russia-linked cyber-espionage group Fancy Bear has carried out multiple cyberattacks targeting sporting and anti-doping organizations across the world. Microsoft revealed that Russia-linked cyber-espionage group Fancy Bear (aka APT28, Sednit, Sofacy, Zebrocy, and Strontium) has carried out multiple cyberattacks targeting sporting and anti-doping organizations across the world. According to the tech giant, Russian cyber spies have targeted at least 16 agencies […]

fancy bear

Russia-linked cyber-espionage group Fancy Bear has carried out multiple cyberattacks targeting sporting and anti-doping organizations across the world.

Microsoft revealed that Russia-linked cyber-espionage group Fancy Bear (aka APT28SednitSofacyZebrocy, and Strontium) has carried out multiple cyberattacks targeting sporting and anti-doping organizations across the world.

According to the tech giant, Russian cyber spies have targeted at least 16 agencies across three continents.

“Today we’re sharing that the Microsoft Threat Intelligence Center has recently tracked significant cyberattacks originating from a group we call Strontium, also known as Fancy Bear/APT28, targeting anti-doping authorities and sporting organizations around the world.” reads the post published by Microsoft. “At least 16 national and international sporting and anti-doping organizations across three continents were targeted in these attacks which began September 16th, just before news reports about new potential action being taken by the World Anti-Doping Agency.”

The attacks began on September 16, 2019, while the World Anti-Doping Agency was warning that Russia could face a ban from all major sports events over “discrepancies” in a lab database.

According to Russian whistleblowers, the Russian Anti-Doping Agency (RUSADA) was enabling systemic doping in athletics

After the revelations, the Russia team was suspended from participating in the 2018 Winter Olympics. Now the results of new investigations conducted by the WADA could jeopardize participation in the 2020 Tokio Olympic Games.

Microsoft revealed that only a small portion of the new wave of attacks was successful. The company has already notified all impacted customers and worked with them to secure compromised accounts or systems.

The TTPs used in the most recent attacks are similar to those observed in attacks against governments, militaries, think tanks, law firms, human rights organizations, financial firms and universities around the world.

State-sponsored hackers used multiple attack methods, including spear-phishing, password spray, exploiting internet-connected devices and malware.

In October 2018, the US DoJ indicted seven Russian Intelligence officers for attacking Anti-Doping Organizations.

The hackers were involved in a cyber operation aimed at discrediting the international anti-doping organizations and officials that revealed athlete doping program sustained by Moscow.

The GRU officers hacked into the accounts of officials at the anti-doping organizations to steal confidential data and spread them to and delegitimize the victims.

According to prosecutors, defendants also attempted to spread the fake news on doping programs followed by athletes from other countries.

In September 2016, hackers breached the World Anti-Doping Agency (WADA) and have stolen Olympic athletes’ medical records, the hack was confirmed by the agency. According to the WADA, the hackers accessed the Anti-Doping Administration and Management System (ADAMS) database.

The hackers obtained access to the system by stealing credentials through a spear-phishing attack against an “International Olympic Committee (IOC)-created account for the Rio 2016 Games.”

“As we’ve said in the past, we believe it’s important to share significant threat activity like that we’re announcing today. We think it’s critical that governments and the private sector are increasingly transparent about nation-state activity so we can all continue the global dialogue about protecting the internet.” concludes Microsoft.”We also hope publishing this information helps raise awareness among organizations and individuals about steps they can take to protect themselves.”

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Fancy Bear, anti-doping)

[adrotate banner=”5″]

[adrotate banner=”13″]