As Japan gears up for the 2020 Summer Olympics in Tokyo next year, the country needs to brace itself for sophisticated cyberattacks, especially from state-sponsored hackers.
Microsoft has issued a short notice, warning about a new wave of highly targeted cyberattacks by a group of Russian state-sponsored hackers attempting to hack over a dozen anti-doping authorities and sporting organizations around the world.
The attacks are originating from the 'Strontium' Russian hacking group, widely known as Fancy Bear or APT28, and are believed to be linked to the upcoming 2020 Summer Olympics in Tokyo.
The Fancy Bear hacking group, also known as APT28, Sofacy, X-agent, Sednit, Sandworm, and Pawn Storm, is believed to be linked to Russian military intelligence agency GRU and has been in operation since at least 2007.
Over these past three decades, the group has been credited with many high-profile hacking incidents, like hacking the US presidential elections to influence the results, targeting a country with NotPetya ransomware, causing blackouts in the Ukrainian capital Kiev, and the Pentagon breach.
The latest cyberattacks began on September 16, apparently after the World Anti-Doping Agency (WADA) found irregularities in a database from Russia's national anti-doping laboratory, warning that Russian athletes could face a ban from competing at the Tokyo 2020 Summer Olympics.
Microsoft's Threat Intelligence Center said that some of these "significant cyberattacks" were successful, but the majority were not, and that the company notified affected organisations and worked with some of them to "secure compromised accounts or systems."
Microsoft confirmed the Fancy Bear hacking group targeted at least 16 national and international sporting and anti-doping organizations across three continents, but it did not disclose their identity.
The hacking techniques used by Fancy Bear in the latest campaign involve "spear-phishing, password spray, exploiting internet-connected devices, and the use of both open-source and custom malware."
Though these techniques are well known and not new, they have evidently proven very effective in previous cyberattacks by Fancy Bear against "governments, militaries, think tanks, law firms, human rights organizations, financial firms and universities around the world."
For example, when the victim opens the malicious document attached to an email, the exploit automatically executes some PowerShell scripts in the background and installs malware on the victim's computer, giving attackers full remote control over it.
This is not the first time Fancy Bear hackers have targeted anti-doping organisations.
Fancy Bear leaked confidential athlete data from the World Anti-Doping Agency (WADA) in retaliation against the agency in 2016 when it took similar action against Russian athletes during the Rio 2016 Summer Olympic Games.
The hacking group has also been accused of conducting similar state-sponsored attacks during the Pyeongchang 2018 Winter Olympics held in South Korea, when it used the "Olympic Destroyer" wiper malware to disrupt the Winter Games' official network.
Though the malware did not disrupt the live feed during the opening ceremony, it was successful in disrupting the official website for the Winter Games for 12 hours, collapsing Wi-Fi in the Pyeongchang Olympic stadium, and knocking out televisions and internet at the main press center, leaving attendees unable to print their tickets for events or get venue information.
noreply@blogger.com (Swati Khandelwal), Khareem Sudlow