Skip to main content

Fancy Bear hackers return to target sporting organisations

(Image credit: Image source: Shutterstock/alexskopje)

Anti-doping and global sporting organisations around the world have become targets of a “significant” cyberattacking campaign, Microsoft said in a recent blog post.

The software giant said the group behind the attack is mostly likely APT28, also known as Fancy Bear (among other names). For those unfamiliar with the name, Fancy Bear is considered a Russian state-sponsored attacker and is being linked to a couple of high-profile cyber espionage events.

In this particular case, however, Microsoft said that at least 16 national and international sporting and anti-doping organisations on three continents were targeted. The attack started on September 16 and was, for the most part, unsuccessful.

That does mean, however, that the attack was – in part – successful.

Microsoft didn’t say exactly what that meant, and if any data was compromised. It did remind everyone that in 2016 and 2018, the same group released medical records and emails stolen from sporting organisations and anti-doping officials.

As a result, some people were charged with international hacking and related influence and disinformation operations. Microsoft said that the methods used this time around were similar to those used earlier by the same group, when it targeted governments, militaries, think-tanks, law firms, human rights organizations, financial firms and universities all over the world.

They use spear-phishing, password spray, open and vulnerable internet-connected devices, as well as open-source and custom malware.

All of its customers targeted in this campaign were notified, Microsoft concluded.