Microsoft revealed that Russia-linked cyber-espionage group Fancy Bear (aka APT28, Sednit, Sofacy, Zebrocy, and Strontium) has carried out multiple
According to the tech giant, Russian cyber spies have targeted at least 16 agencies across three continents.
“Today we’re sharing that the Microsoft Threat Intelligence Center has recently tracked significant
The attacks began on September 16, 2019, while the World Anti-Doping Agency was warning that Russia could face a ban from all major sports events over “discrepancies” in a lab database.
After the revelations, the Russian team was suspended from participating in the 2018 Winter Olympics. Now the results of new investigations conducted by the WADA could jeopardize participation in the 2020 Tokyo Olympic Games.
Microsoft revealed that only a small portion of the new wave of attacks was successful. The company has already notified all impacted customers and worked with them to secure compromised accounts or systems.
The TTPs used in the most recent attacks are similar to those observed in attacks against governments, militaries, think tanks, law firms, human rights organizations, financial firms and universities around the world.
State-sponsored hackers used multiple attack methods, including spear-phishing, password spray, exploiting internet-connected devices and malware.
The hackers were involved in a cyber operation aimed at discrediting the international anti-doping organizations and officials that revealed the athlete doping program sustained by Moscow.
The GRU officers hacked into the accounts of officials at the anti-doping organizations to steal confidential data and spread them to and
According to prosecutors, the defendants also attempted to spread fake news on doping programs followed by athletes from other countries.
In September 2016, hackers breached the World Anti-Doping Agency (WADA) and stole Olympic athletes’ medical records; the hack was confirmed by the agency. According to the WADA, the hackers accessed the Anti-Doping Administration and Management System (ADAMS) database.
The hackers obtained access to the system by stealing credentials through a spear-phishing attack against an “International Olympic Committee (IOC
“As we’ve said in the past, we believe it’s important to share significant threat activity like that we’re announcing today. We think it’s critical that governments and the private sector are increasingly transparent about nation-state activity so we can all continue the global dialogue about protecting the internet,” concludes Microsoft. “We also hope publishing this information helps raise awareness among organizations and individuals about steps they can take to protect themselves.”