The Fancy Bear is back on the prowl.
Microsoft said the Russian state-backed hacking group has targeted at least 16 national and international sporting and anti-doping organizations ahead of the 2020 Summer Olympics in Tokyo.
The campaigns mounted by the threat actor — also known by a variety of monikers like APT28, Sofacy, and Strontium — is said to have started on September 16, shortly before reports emerged about possible action by the World Anti-Doping Agency (WADA) against Russian athletes.
The Windows maker said the attacks involved the use of spearphishing, brute force password spraying, and both open-source and custom malware, as well as exploiting internet-connected devices.
The company hasn’t divulged the exact specifics of the attack or the group’s motivation behind them, but stated it notified all the targeted customers and that it worked with those who sought its help to secure compromised accounts.
“Some of these attacks were successful, but the majority were not,” Microsoft‘s Tom Burt said.
The Fancy Bear group — active since 2004 — is known for its cyber espionage activity, and has been notorious for its involvement in the 2016 hacks of the Democratic National Committee and the NotPetya attacks against Ukranian banks and infrastructure in June 2017.
APT28 also has a history of going after anti-doping agencies and sporting event infrastructure. It breached WADA in 2016 and leaked confidential athlete medical data.
It also released the Olympic Destroyer malware targeting the 2018 Winter Olympics in PyeongChang after the Russian team was suspended over doping charges, temporarily paralyzing IT systems, killing Wi-Fi, and taking down the Olympics website to prevent visitors from printing tickets.
Then late last year, US authorities managed to indict several Russian intelligence officers in connection with the 2016 WADA hack, although they were never arrested.
Given this checkered past, it’s only a matter of time before the country’s saboteurs stage yet another full-blown Olympics-related cyberattack.