Microsoft says Russia-linked hackers target sports organisations

[zanderthunder]

 

Microsoft Corp said it has tracked "significant" cyberattacks coming from a group it calls "Strontium" or "Fancy Bear", targeting anti-doping authorities and global sporting organisations.

 

The group, also called APT28, has been linked to the Russian government, Microsoft said in a blog post.

 

At least 16 national and international sporting and anti-doping organisations across three continents were targeted in the attacks which began on Sept 16, according to the company.

 

The company said some of these attacks had been successful, but the majority had not. Microsoft has notified all customers targeted in these attacks.

 

Strontium, one of the world's oldest cyber espionage groups, has also been called Sofancy and Pawn Storm by a range of security firms and government officials. Security firm CrowdStrike has said the group may be associated with the Russian military intelligence agency GRU.

 

Microsoft said Strontium reportedly released medical records and emails taken from sporting organisations and anti-doping officials in 2016 and 2018, resulting in an indictment in a federal court in the United States in 2018.

 

The software giant added that the methods used in the most recent attacks were similar to those used by Strontium to target governments, militaries, think-tanks, law firms, human rights organisations, financial firms and universities around the world.

 

Strontium's methods include spear-phishing, password spray, exploiting Internet-connected devices and the use of both open-source and custom malware, it added.

 

Microsoft has in the past taken legal steps o prevent Strontium from using fake Microsoft internet domains to execute its attacks.

 

By August last year, Microsoft had shut down 84 fake websites in 12 court-approved actions over the past two years.

 

Microsoft said at the time that hackers linked to Russia's government sought to launch cyber attacks on US political groups. 

 

Source: Microsoft says Russia-linked hackers target sports organisations (via The Star Online)

[zanderthunder]

Russian hackers are attacking Tokyo 2020 Olympics, says Microsoft

 

Today, Microsoft has claimed that Russian state-sponsored hacker group Strontium (Fancy Bear/APT28) has been involved in cyberattacks targeting sporting and anti-doping organizations. The Redmond giant's Threat Intelligence Center (MSTIC), which is responsible for monitoring, identifying, and reporting cybercrimes, mentioned the Tokyo 2020 Summer Games being in the crosshairs.

 

According to the team, "at least 16 national and international sporting and anti-doping organizations across three continents were targeted in these attacks which began September 16th." Strontium's attacks, which were largely successful, were conducted using techniques like password spray, spear-phishing, exploiting devices connected to the internet, and using open-source and custom malware.

 

The team at Microsoft noted that the attacks were in direct correlation with the reports that Russian athletes might face a potential ban from all major sporting events following a warning by the World Anti-Doping Agency last month. This is characteristic behavior on part of Strontium, claims Microsoft, as the group of hackers tried to attack anti-doping agencies previously as well. Most notably, after the Russian team was disqualified from the 2018 Winter Olympics, Strontium was also a cog in the wheel of the Olympic Destroyer cyberattack.

 

To help deal with the threat posed by Strontium and considering the hype leading up to the Olympics, Microsoft believes that raising awareness and sharing significant threat activity is integral. The firm stated that "We also hope publishing this information helps raise awareness among organizations and individuals about steps they can take to protect themselves."

 

Additionally, Microsoft also had advice for helping users protect themselves against such attacks. The tech giant recommended using two-factor authentication for all accounts, enabling security alerts about suspicious websites, and discovering more about how to protect themselves from phishing attacks.

 

Source: 

1. Russian hackers are attacking Tokyo 2020 Olympics, says Microsoft (via Neowin)

2. New cyberattacks targeting sporting and anti-doping organizations (via Microsoft Blog)