Ahead of next year’s Olympic games in Tokyo, Russian hackers have targeted at least 16 national and international organisations.
The Microsoft Threat Intelligence Center have tracked a spring of cyberattacks coming from the Russian Threat group Strontium, also known as APT28, The attacks are targeting anti-doping authorities and sporting organisations worldwide.
Some of the attacks were successful, however the vast majority of them were not. It is unclear as what the hackers hope to harvest from the attacks.
In a blog post, Microsoft explained that the methods utilised in these attacks are similar to those that are routinely used by APT28 to target think tanks, law firms, human rights organisations, militaries, financial firms and universities across the world.
The different methods include password spray, spear-phishing, exploiting internet-connected devices and the use of open-source and custom malware.
This isn’t the first time, APT28 has targeted such organisations, with their first attack dating back to 2016. Reportedly, the threat group had released medical records and emails stolen from both sporting organisations and anti-doping officials.
“We think it’s critical that governments and the private sector are increasingly transparent about nation-state activity so we can all continue the global dialogue about protecting the internet.”
Microsoft has recommended organisations to implement two-factor authentication on all business and personal email accounts, as well as train staff on how to spot and protect themselves from phishing scams, and enable security alerts.
Only last month did the World Anti-Doping Agency (WADA) warned that it would take action against Russia over discrepancies in a lab database – to which the country could be facing expulsion from the Olympics and other major sporting events.
Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.