Russian Hackers Targeting Anti-Doping Agencies Ahead of 2020 Tokyo Olympics (Oct 29, 2019)
A cyberattack targeting the World Anti-Doping Agency (WADA) has once again been attributed to the Russian Advanced Persistent Threat (APT) group Fancy Bear. Microsoft has observed an increase in highly targeted cyberattacks by Russian state-sponsored threat actors against multiple anti-doping authorities and sporting organizations around the world. Fancy Bear is also known as APT28, Pawn Storm, Sandworm, Sednit, Sofacy, and Strontium. The attacks on these organisations come shortly after WADA found anomalies in a Russian database regarding its national anti-doping lab. The group targeted these organisations with multiple techniques, including brute force, exploitation of internet-connected devices, spearphishing, and the use of open-source and custom malware.
Recommendation: Events on the global stage lead threat actors, often APT groups, to target the entities and individuals directly involved, or to use Olympic-themed lures. All Internet-connected devices should be viewed as a potential liability. It is suggested that such devices be placed behind a firewall or network address translation (NAT) and within a Virtual Local Area Network (VLAN). In addition, changing the default password on all devices in use will help mitigate brute-force attacks. Furthermore, educate your employees on how to identify spearphishing emails by signs such as poor grammar and urgent content, and on whom to contact if such an email is found.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.