What just happened? As Japan gears up for the 2020 Tokyo Olympics, hackers have increased the rate and sophistication of their attacks. Microsoft's Threat Intelligence Center has issued a notice on what appears to be a concerted cyberattack directed at national and international sporting and anti-doping organizations. It turns out it's the work of a well-known Russian hacker group that's been trying to retaliate after Russian Olympic athletes were accused of cheating during the competitions.
Microsoft claims that a well-known hacker group called Strontium or Fancy Bear has attacked at least 16 sporting and anti-doping organizations. The attacks started last month after the World Anti-Doping Agency announced that Russia faces a ban from all major sports events, including world championships and the upcoming Olympics which are set to take place in Tokyo next year.
The company's Threat Intelligence Center spotted the first attack on September 16 and hasn't named any of the organizations that were targeted. The attacks involved a mix of password spraying, spear-phishing, exploiting IoT devices, as well as both open source and custom malware. The methods are routinely used by Strontium against governments, think tanks, human rights groups, and various other organizations.
The good news is that most attacks were unsuccessful. Microsoft notified the affected organizations and offered to help those that requested assistance. To protect yourself from Strontium hacks, the company recommends that you use two-factor authentication on all your email accounts and learn how to spot phishing schemes, so that you don't run the risk of leaking sensitive information from your organization.
Strontium is widely believed to be tied to the Russian government and has previously been linked to attacks that targeted the medical information of hundreds of athletes from almost 30 countries, as well as a chemical weapons organization and a US nuclear power plant. Microsoft hopes to foster international discussions about cybersecurity measures that would prevent future attacks. It's worth noting that CrowdStrike found Russian state-sponsored hackers are faster than those from other nations.