The cyberattacks, which spanned three continents, include anti-doping organizations. They followed reports that Russia could be banned from all major sports after “inconsistencies” were found. Microsoft says the attacks follow Stronium’s usual M.O., with a combination of spear-phishing, password spray, and IoT hacks. They involved the group’s custom malware, with some successful attempts.
Not the First Time
This isn’t the first time Strontium has targetted anti-doping. Previous reports suggest it released emails and medical records of officials acquired between 2016 and 2018. During this time, pressure on Russia surrounding doping was high, with 72 athletes banned as of 2018 and pressure from dozens of anti-doping organizations to ban the country from competing entirely. In May 2016, Russian doping mastermind Grigory Rodchenkov turned whistleblower and said he worked with the FSB to overcome anti-doping measures at Sochi 2014. The techniques included breaking into ‘tamper-proof’ bottles and replacing their samples with false ones in the dead of night. The latest reports of a potential ban suggest Russia could also be prevented from hosting future events. In January, the country handed over its Moscow lab as a condition of its reintegration into the sporting world. It missed several deadlines to hand the lab over and the World Anti-Doping agency is yet to reveal what the inconsistencies involved. “As we’ve said in the past, we believe it’s important to share significant threat activity like that we’re announcing today. We also hope publishing this information helps raise awareness among organizations and individuals about steps they can take to protect themselves,” said Microsoft. The company has previously blamed Strontium for a large-scale IoT hack and for exploiting Windows vulnerabilities. It recommends its Microsoft Defender ATP solution to protect against such attacks.