Microsoft announced Monday that it had found evidence of a Russian hacking group targeting more than a dozen national and international sporting and anti-doping groups with “significant cyberattacks.”
The company found that around 16 organizations on three continents were targeted by a group called Strontium, also known as Fancy Bear or APT28, beginning in September and that some attacks had been successful.
The group utilized spear-phishing attacks and exploited internet-connected devices in addition to using malware.
The attacks occurred just before reports emerged about Russia being banned by the World Anti-Doping Agency from competing in all major sports events due to doping incidents. Russia was banned in 2017 from competing in the 2018 Winter Olympics due to the use of performance-enhancing drugs.
Tom Burt, the corporate vice president of customer security and trust at Microsoft, wrote in a blog post on Monday that “the methods used in the most recent attacks are similar to those routinely used by Strontium to target governments, militaries, think tanks, law firms, human rights organizations, financial firms and universities around the world.”
Burt noted that the majority of the recent attacks were not successful and that Microsoft has notified all the impacted companies. Microsoft did not name the organizations that were targeted.
Burt wrote that the company was raising awareness of these cyber risks to organizations in advance of the 2020 Summer Olympics in Tokyo.
The group was previously identified as a Russian-backed organization by multiple security firms and by the United Kingdom’s National Cyber Security Centre, with individuals associated with the hacking group indicted by a U.S. grand jury in 2018 for similar targeting of sports and anti-doping groups.
Microsoft took steps against Strontium in August, when the company took down six internet domains created by the group as part of efforts to step up election security. In total, Microsoft has taken down 84 domains associated with Strontium over the past two years.
Burt wrote that the company hopes to “raise awareness” of these types of attacks and provide steps for companies and individuals on how to protect themselves.
“We believe it’s important to share significant threat activity like that we’re announcing today,” Burt wrote. “We think it’s critical that governments and the private sector are increasingly transparent about nation-state activity so we can all continue the global dialogue about protecting the internet.”