Microsoft said today that a group of well-known Russian government hackers have targeted at least 16 national and international sporting and anti-doping organizations ahead of next year’s Tokyo Olympics.
The company also said that the attacks involved spear-phishing, password spraying, exploiting internet-connected devices, and the use of both open-source and custom malware. Responsible for the attacks is a group of Russian state-sponsored hackers that Microsoft calls Strontium, but are more widely known as APT28 or Fancy Bear.
In response to the incident reported by Microsoft, the Director of Intelligence Analysis for FireEye, John Hultquist explained that the continued targeting of Olympics organizations by APT28, emphasizes they have not been dissuaded by efforts to sanction and indict them. We expect the actor to aggressively target Olympic organizations in an effort to harass, intimidate, and even discredit these institutions. As in Pyeongchang these efforts may culminate in an attempt to disrupt the games themselves.
Hultquist said “We should also consider this aggressive posturing is an indication that Russia has not abandoned this tool, and may be willing to use it once again in upcoming US elections”.