Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

IAAF Says Russia-Linked Hackers Accessed Medical Records

The International Association of Athletics Federations (IAAF) revealed on Monday that athletes’ medical records were accessed in an attack the organization believes was carried out by the Russia-linked cyber espionage group known as Fancy Bear.

The International Association of Athletics Federations (IAAF) revealed on Monday that athletes’ medical records were accessed in an attack the organization believes was carried out by the Russia-linked cyber espionage group known as Fancy Bear.

Fancy Bear is also known as APT28, Pawn Storm, Strontium, Sofacy, Sednit and Tsar Team. The group is said to be responsible for many high-profile attacks, including the recent U.S. election hacks.

The IAAF, which is based in Monaco, said it learned of the breach after it hired incident response firm Context Information Security in January to conduct a technical investigation. Investigators found signs of unauthorized remote access on February 21, when they discovered metadata on athletes’ Therapeutic Use Exemption (TUE) applications stored in a newly created file.

The breach impacts athletes who have applied for TUEs since 2012. Affected individuals have been contacted by the IAAF.

It’s unclear if the attackers managed to exfiltrate the information they collected, but IAAF believes this provides a strong indication of what the attackers were after. The IAAF is confident the threat actor no longer has access to its networks following clean-up efforts assisted by Context, the UK National Cyber Security Centre (NCSC), and the Agence Monégasque de Sécurité Numérique (Monaco AMSN).

This is not the first time Fancy Bear has been accused of targeting an athletic organization. Last year, the World Anti-Doping Agency (WADA) said the hackers had stolen sensitive athlete data, including medical test results and TUEs.

Researchers linked the attack on WADA to the Fancy Bear cyberspies, but a group calling itself “Fancy Bears,” claiming to be affiliated with the Anonymous hacktivist movement, also took responsibility for the breach and leaked some of the stolen files.

In the WADA attack, hackers gained unauthorized access to the Anti-Doping Administration and Management System (ADAMS) after using a fake website to phish credentials. In the case of IAAF, there is no information on how the attackers may have gained access to the organization’s systems.

Advertisement. Scroll to continue reading.

Related: Hackers Target Czech Foreign Ministry’s Email System

Related: Russian Cyberspies Use New Mac Malware to Steal Data

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...