Microsoft Says Russian Hackers Have Started To Hack The 2020 Tokyo Olympics

This article is more than 4 years old.

In an official blog posting dated October 28, Tom Burt, the corporate vice-president of customer security and trust at Microsoft, warned how an alleged Russian state-sponsored espionage group had been tracked attacking sporting organizations ahead of the 2020 Tokyo Olympics.

The advanced persistent threat (APT) hacking group that Microsoft calls Strontium, but is perhaps better known as APT28 or Fancy Bear, has been seen targeting anti-doping authorities and sporting organizations around the world, Burt revealed.

The Microsoft Threat Intelligence Center first spotted the highly targeted attacks by the APT hacking group beginning September 16. While the majority of the attacks were not successful, Microsoft has stated that some were. The attacks appear to have been coordinated ahead of news stories regarding the World Anti-Doping Agency (WADA) taking action over Russian state-sponsored doping program lab data being deleted. "At least 16 national and international sporting and anti-doping organizations across three continents were targeted in these attacks," Burt stated.

Strontium attack methodology

According to Microsoft intelligence, Strontium used methods similar to previous attacks that have targeted everything from governments and the military to human rights organizations and universities. This methodology includes highly focused phishing attacks known as “spear-phishing” as well as a type of brute force password attack known as spraying. Password spraying is where attackers try a relatively small number of commonly used passwords against a large number of accounts. It sounds somewhat lo-fi, but it works: given enough targets, the chances are high that at least one will have poor security hygiene and be using a common password. Of course, the Strontium hackers also employ open-source and custom malware, along with the exploitation of internet-connected devices along the way.
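Because spraying spreads a few guesses across many accounts, it looks different in failed-login logs from a brute force attack on one account. The following detection sketch is an added example, not code from Microsoft or this article; the log tuples, IP addresses, account names and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data: (timestamp, source IP, account) for failed logins.
T0 = datetime(2024, 1, 1, 9, 0, 0)
SAMPLE_FAILURES = (
    # One source, 12 different accounts, one attempt each: spraying pattern.
    [(T0 + timedelta(seconds=40 * i), "203.0.113.7", f"user{i:02d}") for i in range(12)]
    # One source, one account, 30 rapid attempts: classic brute force.
    + [(T0 + timedelta(seconds=2 * i), "198.51.100.9", "admin") for i in range(30)]
    # One user mistyping a password three times.
    + [(T0 + timedelta(minutes=5 * i), "192.0.2.4", "alice") for i in range(3)]
)


def classify_sources(failures, window=timedelta(minutes=30),
                     min_accounts=10, max_per_account=3, brute_attempts=20):
    """Label each source IP 'spray', 'brute-force' or 'normal'.

    Thresholds are illustrative assumptions, not values from the article.
    """
    by_source = defaultdict(list)
    for ts, src, account in failures:
        by_source[src].append((ts, account))

    verdicts = {}
    for src, events in by_source.items():
        events.sort()
        verdicts[src] = "normal"
        counts = defaultdict(int)  # failures per account inside the window
        start = 0
        for ts, account in events:
            counts[account] += 1
            # Slide the window: drop failures older than `window`.
            while ts - events[start][0] > window:
                old = events[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            # Spraying: many accounts, only a few guesses against each.
            if len(counts) >= min_accounts and max(counts.values()) <= max_per_account:
                verdicts[src] = "spray"
                break
            # Brute force: many guesses against a single account.
            if counts[account] >= brute_attempts:
                verdicts[src] = "brute-force"
    return verdicts
```

Per-account lockout counters alone miss the first source here, since no single account sees more than one failure; grouping failures by source and counting distinct accounts is what exposes it.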

Although the specific victims are not being identified, to safeguard customer privacy, Burt has confirmed that Microsoft "has notified all customers targeted in these attacks and has worked with those who have sought our help to secure compromised accounts or systems."

Fancy Bear has hacking history

Whether you call it Strontium, APT28, or Fancy Bear, there's no denying both the work rate and success of this hacking group. As well as previously hacking WADA and the International Association of Athletics Federations, the group, which is thought to be sponsored by Russian military intelligence (GRU), has also been associated with the Democratic National Committee (DNC) hack in 2016 and, more recently, attacks during European election campaigns.

"Continued targeting of Olympics organizations by APT28 emphasizes they have not been dissuaded by efforts to sanction and indict them," John Hultquist, director of intelligence analysis at FireEye, said. FireEye expects the group to "aggressively target Olympic organizations in an effort to harass, intimidate, and even discredit these institutions," Hultquist said, adding: "As in PyeongChang, these efforts may culminate in an attempt to disrupt the games themselves." Hultquist also noted that such aggressive posturing might be an indication that Russia may well be looking to use Strontium in the upcoming U.S. presidential elections.

Burt said that Microsoft routinely takes legal action to "prevent Strontium from using fake Microsoft internet domains to execute its attacks," and the data obtained during this "disruption work" is used to improve Microsoft product security more broadly.

"We think it’s critical that governments and the private sector are increasingly transparent about nation-state activity," Burt stated, "so we can all continue the global dialogue about protecting the internet."

Microsoft mitigation advice

Microsoft advises that, to help protect yourself and your organization from this kind of attack, you take three initial steps:

1. Enable two-factor authentication (2FA) on all business and personal email accounts.

2. Learn how to spot phishing scams and protect yourself against them.

3. Enable security alerts concerning links or files from suspicious websites.
