Fancy Bear/APT28: In 2016, during the time of the Olympics, Russian athletes were under scrutiny for their use of steroids or “doping” drugs. Because of these athletes being outed, the Russian-backed hacking group Fancy Bear decided to take it upon themselves to start targeting anti-doping authorities, as well as releasing information and proof of others involved in the Olympics using illegal substances. Recently, Microsoft has seen at least 16 anti-doping authorities being targeted by Fancy Bear in the same way that the attacks were carried out previously. The group is using spear-phishing, password spraying, exploiting internet-connected devices and custom or open-source malware to carry out these attacks. These tactics are exactly how Fancy Bear has operated in the past, which allowed Microsoft to link the group to the attacks. To read more about the attacks from Fancy Bear on the Olympics, read here: https://blogs.microsoft.com/on-the-issues/2019/10/28/cyberattacks-sporting-anti-doping/
Analyst Notes
These attacks are likely being carried out because of the upcoming Olympics in 2020. These attacks were seen during the Olympics in both 2016 when they started, and in the following Olympics in 2018. The group may continue to target anti-doping authorities leading up to the Olympics, trying to “out” other athletes.
