Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

Hackers Leak More Confidential Athlete Data

The hacker group calling itself Fancy Bears has leaked another batch of athlete medical records stolen from the systems of the World Anti-Doping Agency (WADA). The organization has confirmed the leak and again blamed Russia for the attack on its systems.

The hacker group calling itself Fancy Bears has leaked another batch of athlete medical records stolen from the systems of the World Anti-Doping Agency (WADA). The organization has confirmed the leak and again blamed Russia for the attack on its systems.

Earlier this week, the Fancy Bears group, which claims to be affiliated with the Anonymous hacktivist movement, leaked the Rio Olympics test results and therapeutic use exemptions of several U.S. athletes who they accused of being unjustly allowed by the WADA to use banned substances. The list of affected athletes included gymnast Simone Biles, basketball player Elena Delle Donne, and tennis players Venus and Serena Williams, all of whom have denied any wrongdoing.

The hackers announced on Thursday a new round of leaks targeting a total of 25 athletes from the United States, United Kingdom, Denmark, Russia, Poland, Czech Republic, Romania and Germany.

“The list of doping addicts includes not only the athletes of the top Olympic teams but also those who compete for other countries,” the hackers said in a statement accompanying the leak. “We’ll keep on telling the world about doping in elite sports. Stay tuned for new leaks.”

WADA has confirmed that the leaked files are genuine and pointed out that the information was obtained after hackers accessed the organization’s Anti-Doping Administration and Management System (ADAMS) through compromised credentials obtained via email spear-phishing attacks.

WADA insists that the Russia-linked cyberespionage group known as Fancy Bear, APT28, Pawn Storm, Sednit, Sofacy, Tsar Team and Strontium is behind the cyberattack. The organization reached this conclusion based on information provided by law enforcement and the timing of the attack.

“Given this intelligence and advice [from law enforcement and IT security agencies], WADA has no doubt that these ongoing attacks are being carried out in retaliation against the Agency, and the global anti-doping system, because of our independent Pound and McLaren investigations that exposed state-sponsored doping in Russia,” said Olivier Niggli, director general of WADA. “We condemn this criminal activity and have asked the Russian Government to do everything in their power to make it stop.”

Russia has repeatedly denied any involvement, but officials have complained about the lack of transparency and accused WADA of favoring some countries.

Advertisement. Scroll to continue reading.

News of the WADA hack emerged in August. At the time, threat intelligence firm ThreatConnect published a blog post detailing the connection between this attack and the Russian threat group APT28.

APT28 is also believed to be responsible for the recent attacks on the U.S. Democratic Party. A hacktivist using the online moniker Guccifer 2.0 took credit for the Democratic Party breach, and while he claims to be a lone wolf from Romania, experts believe it’s just a persona used by Russian intelligence to throw investigators off track.

Related: More Evidence Links Russia to DNC Attack

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Karl Triebes has joined Ivanti as Chief Product Officer.

Steven Hernandez has joined USAID as CISO and Deputy CIO.

Data security and privacy firm Protegrity has named Michael Howard as its CEO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.