Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

IAAF Says Russia-Linked Hackers Accessed Medical Records

The International Association of Athletics Federations (IAAF) revealed on Monday that athletes’ medical records were accessed in an attack the organization believes was carried out by the Russia-linked cyber espionage group known as Fancy Bear.

The International Association of Athletics Federations (IAAF) revealed on Monday that athletes’ medical records were accessed in an attack the organization believes was carried out by the Russia-linked cyber espionage group known as Fancy Bear.

Fancy Bear is also known as APT28, Pawn Storm, Strontium, Sofacy, Sednit and Tsar Team. The group is said to be responsible for many high-profile attacks, including the recent U.S. election hacks.

The IAAF, which is based in Monaco, said it learned of the breach after it hired incident response firm Context Information Security in January to conduct a technical investigation. Investigators found signs of unauthorized remote access on February 21, when they discovered metadata on athletes’ Therapeutic Use Exemption (TUE) applications stored in a newly created file.

The breach impacts athletes who have applied for TUEs since 2012. Affected individuals have been contacted by the IAAF.

It’s unclear if the attackers managed to exfiltrate the information they collected, but IAAF believes this provides a strong indication of what the attackers were after. The IAAF is confident the threat actor no longer has access to its networks following clean-up efforts assisted by Context, the UK National Cyber Security Centre (NCSC), and the Agence Monégasque de Sécurité Numérique (Monaco AMSN).

This is not the first time Fancy Bear has been accused of targeting an athletic organization. Last year, the World Anti-Doping Agency (WADA) said the hackers had stolen sensitive athlete data, including medical test results and TUEs.

Advertisement. Scroll to continue reading.

Researchers linked the attack on WADA to the Fancy Bear cyberspies, but a group calling itself “Fancy Bears,” claiming to be affiliated with the Anonymous hacktivist movement, also took responsibility for the breach and leaked some of the stolen files.

In the WADA attack, hackers gained unauthorized access to the Anti-Doping Administration and Management System (ADAMS) after using a fake website to phish credentials. In the case of IAAF, there is no information on how the attackers may have gained access to the organization’s systems.

Related: Hackers Target Czech Foreign Ministry’s Email System

Related: Russian Cyberspies Use New Mac Malware to Steal Data

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

Tracey Mustacchio has joined Everfox as Chief Marketing Officer.

Mark Carter has been appointed Chief Information Security Officer at Socure.

Spektrum Labs has named Mark Cravotta Chief Operating Officer.

More People On The Move

Expert Insights

Four decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today’s cybersecurity failures.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.