Track and field governing body reports cyberattack by Fancy Bear hackers

The world governing body for track and field said Monday that it has been attacked by the Fancy Bear hacking group.

The International Association of Athletics Federations (IAAF) said in a statement that it believes the cyberattack compromised athletes’ applications stored on its servers for what are called Therapeutic Use Exemptions (TUEs). 

Athletes can apply for and receive the exemptions in the case of an illness or condition that requires their use of medication listed on the World Anti-Doping Agency’s list of banned drugs. 

The organization said Monday that the cyberattack was perpetrated by Fancy Bear, the hacking group believed to be tied to Russia’s military intelligence arm, the GRU. 

{mosads}Fancy Bear made headlines last year for hacking into systems used by the World Anti-Doping Agency (WADA) and releasing batches of confidential athlete information related to therapeutic use exemptions. Fancy Bear has also been tied to the hacking campaign against the 2016 U.S. presidential election. 

Russia has denied links to the Fancy Bear group.

The Monaco-based IAAF said that it has reached out to athletes who have applied for the exemptions since 2012 to notify them that their information was potentially compromised.

“Our first priority is to the athletes who have provided the IAAF with information that they believed would be secure and confidential,” IAAF President Sebastian Coe said Monday. “They have our sincerest apologies and our total commitment to continue to do everything in our power to remedy the situation and work with the world’s best organizations to create as safe an environment as we can.” 

The breach was discovered in late February, IAAF said, after the organization hired Context Information Security, a cyber incident response firm, to conduct technical investigations of its systems.

Hackers collected metadata on athletes’ exemption applications from a file server and stored it in a newly created file, the organization said, though it is unclear whether the attackers subsequently stole the information from the network. 

IAAF noted, however, that the breach gives “a strong indication of the attackers’ interest and intent, and shows they had access and means to obtain content from this file at will.” 

The hackers were cut off from accessing the network over the weekend through a “complex remediation across all systems and servers,” IAAF said.