Skip to main content

Fancy Bear hackers return to target sporting organizations

hacker targeting a PC
(Image credit: Shutterstock)

As the world prepares for the Tokyo Summer Games in 2020, Microsoft has announced that it has tracked significant cyberattacks targeting anti-doping authorities and global sporting organizations from a hacker group known as Fancy Bear or Strontium.

In a blog post, the software giant revealed that the Microsoft Threat Intelligence Center has been carefully following the activity of the group which also goes by the name APT28.

According to Microsoft, at least 16 national and international sporting and anti-doping organizations across three continents were targeted in this latest round of cyberattacks which began on September 16. The attacks themselves occurred just before the news broke that the World Anti-Doping Agency was planning on taking further action ahead of next year's Summer Olympics.

While some of the attacks were successful, Microsoft has said that the majority were not and the company has notified all of the customers targeted in these attacks.

Return of Fancy Bear

Strontium or Fancy Bear if you prefer, is one of the world's oldest cyber espionage groups and it has also been called Sofancy and Pawn Storm by a number of security firms and government officials. According to the cybersecurity company Crowdstrike, the group could even be associated with the Russian military intelligence agency GRU.

In its blog post, Microsoft said that Fancy Bear was reportedly responsible for releasing medical records and emails obtained from sporting organizations and anti-doping officials in 2016 and 2018. These leaked documents led to an indictment in US federal court in 2018.

The methods employed in these most recent attacks were similar to those used by Fancy Bear to target governments, militaries, think tanks, human rights organizations, financial firms and universities all over the world.

Fancy Bear uses spear-phishing, password spray, exploiting internet-connected devices as well as open-source and custom malware to launch its attacks.

With the Tokyo Summer Games on the horizon, expect more attacks from the group and also from other hackers who wish to disrupt the event and prey on attendees.

Via Reuters