Russian hackers have begun a hacking campaign targeting at least 16 national and international sporting and anti-doping organizations spanning across three continents on September 16. This is not the first time that they have targeted such organizations. These attacks raise the question of whether the 2020 Tokyo Summer Games is in their target list?
Majority of attacks were not successful
This Monday, Microsoft Vice President Tom Burt wrote a blog post about new cyberattacks targeting sporting and anti-doping organizations. According to Burt, The Russian state-sponsored hacking group Fancy Bear/APT28 has been attacking since 16 September 2019. This group is to be believed as an offshoot of Strontium which is another hacker group. He warned about new potential actions being taken by the World Anti-Doping Agency.
Microsoft Threat Intelligence Center discovered these significant cyberattacks and Burt shared details about them: “Some of these attacks were successful, but the majority were not. Microsoft has notified all targeted customers in these attacks and has worked with those who have sought our help to secure compromised accounts or systems.”
Follow the three ways for protection
Previously, Fancy Bear/APT28 attacked such organizations also and released the medical records and emails in 2016 and 2018 The cyberattack of 2018 had targeted a federal court in the United States. Moreover, they have also targeted organizations involved in the democratic process. The same group was also active on the attack on servers belonging to the Democratic National Committee during the 2016 election.
It’s critical that governments and the private sector are increasingly transparent about nation-state activity so we can all continue the global dialogue about protecting the internet. We also hope that publishing this information helps raise awareness among organizations and individuals about steps they can take to protect themselves.
Like Microsoft, they recommended at least three ways for protection from these attack types:
- The first step is using two-factor authentication on all business and personal email accounts,
- Second is learning how to spot phishing schemes and protect yourself from them,
- Third turning on security alerts about links and files from suspicious websites.