Russia-linked hackers are targeting anti-doping authorities and sports organisations, says Microsoft
The latest series of cyber attacks started on 16th September
Microsoft claims to have tracked a series of cyber attacks coming from Russian threat group 'Strontium', targeting anti-doping authorities and global sporting organisations.
The attacks, some of which were successful, began on 16th September and targeted at least 16 sporting and anti-doping organisations across three continents.
Microsoft says it has notified all of its customers that were targeted. It added that individuals and organisations can protect themselves from such attacks 'in at least three ways'.
'We recommend, first, that you enable two-factor authentication on all business and personal email accounts', the company said in a blog post.
'Second, learn how to spot phishing schemes and protect yourself from them. Third, enable security alerts about links and files from suspicious websites'.
Microsoft detected the latest round of cyber attacks just before several news reports claimed that the World Anti-Doping Agency (WADA) could take action against Russia over manipulation of data provided to the agency by the country.
Recently, a WADA team found some inconsistencies between a data set sent by whistle-blower in 2017 and the data Russian officials submitted last January. The team also observed the removal of a failed drug test from the Russian data set. In September, WADA gave Russian officials three weeks to explain the discrepancies.
Strontium, which Microsoft has accused of carrying out the latest cyber attacks, is one of the most notorious and oldest cyber espionage groups in the world. It is also known as APT28 or Fancy Bears, and has targeted numerous government agencies, militaries, law firms, think-tanks, financial firms and human rights organisations in the past year.
It uses a variety of techniques, including password spray, spear-phishing and the use of custom and open-source malware and internet-connected devices to execute attacks. Microsoft believes the group has ties with the Russian government.
Earlier in 2016 and 2018, Strontium reportedly released emails and medical records on Olympic athletes, stolen from anti-doping officials and sporting organisations. Those attacks occurred amid mounting criticism of Russia for its state-sponsored doping programme, and resulted in the indictment of seven Russian intelligence officers in a US federal court last year.
Microsoft has taken legal steps in the past to prevent Strontium from using fake Microsoft internet domains to carry out its attacks.
Last year, the company shut down more than 80 fake websites after getting approval from courts. At that time, Microsoft also said that Russia-linked hackers were attempting to launch cyber attacks on American political groups.
However, Russia denies involvement of state-backed hackers in attacks against other countries.
Just last week, a spokesman for the Russian embassy in London dismissed reports that accused Russian hacking group Turla of hijacking Iran-linked tools to launch cyber attacks against multiple countries.
A Russian spokesman described those reports as an attempt to "drive a wedge" between Russia and Iran.