Today, Microsoft claimed that the Russian state-sponsored hacker group Strontium (Fancy Bear/APT28) has been involved in cyberattacks targeting sporting and anti-doping organizations. The Redmond giant's Threat Intelligence Center (MSTIC), which is responsible for monitoring, identifying, and reporting cybercrimes, mentioned that the Tokyo 2020 Summer Games are in the crosshairs.
According to the team, "at least 16 national and international sporting and anti-doping organizations across three continents were targeted in these attacks which began September 16th." Strontium's attacks, which were largely successful, were conducted using techniques like password spray, spear-phishing, exploiting devices connected to the internet, and using open-source and custom malware.
The team at Microsoft noted that the attacks were in direct correlation with the reports that Russian athletes might face a potential ban from all major sporting events following a warning by the World Anti-Doping Agency last month. This is characteristic behavior on the part of Strontium, claims Microsoft, as the group of hackers has tried to attack anti-doping agencies previously as well. Most notably, after the Russian team was disqualified from the 2018 Winter Olympics, Strontium was also a cog in the wheel of the Olympic Destroyer cyberattack.
To help deal with the threat posed by Strontium, and considering the hype leading up to the Olympics, Microsoft believes that raising awareness and sharing significant threat activity is integral. The firm stated, "We also hope publishing this information helps raise awareness among organizations and individuals about steps they can take to protect themselves."
Microsoft also had advice for helping users protect themselves against such attacks. The tech giant recommended using two-factor authentication for all accounts, enabling security alerts about suspicious websites, and learning more about how to protect themselves from phishing attacks.