Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Russian Cyberspies Accused of Attack on Olympics Anti-Doping Agency

Hackers leak athlete data from WADA

Hackers Leak Athlete Medical Data From Olympics Anti-Doping Agency

Hackers leak athlete data from WADA

Hackers Leak Athlete Medical Data From Olympics Anti-Doping Agency

The World Anti-Doping Agency (WADA) has officially pointed the finger at a Russian cyberespionage group for breaching its systems and leaking sensitive athlete data, including confidential medical records, but a hacktivist group has also taken credit for the attack.

WADA hacked via password phishing

WADA, a non-profit organization founded by the International Olympic Committee (IOC) and supported by national governments, informed stakeholders last month that malicious actors had registered two fake WADA domains which they had leveraged to phish credentials for the Anti-Doping Administration and Management System (ADAMS). Yuliya Stepanova, a whistleblower who exposed widespread doping in Russian athletics, was one of the victims of the attack.

Researchers quickly found connections between the attack on WADA and the notorious Russia-linked threat actor known as Fancy Bear, APT28, Pawn Storm, Strontium, Sofacy, Tsar Team and Sednit.

On Tuesday, WADA published a statement confirming that a Russian spy group was behind the attack on its systems. The organization doesn’t appear to have reached this conclusion on its own – it got the information from law enforcement authorities.

WADA said the hackers used phished credentials to access athlete data, including test results from the Rio Games and Therapeutic Use Exemptions, some of which they published online.

“WADA condemns these ongoing cyber-attacks that are being carried out in an attempt to undermine WADA and the global anti-doping system,” said Olivier Niggli, director general of WADA. “Let it be known that these criminal acts are greatly compromising the effort by the global anti-doping community to re-establish trust in Russia further to the outcomes of the Agency’s independent McLaren Investigation Report.”

Russian espionage or hacktivism?

The group that leaked the athlete data is calling itself “Fancy Bears’ international hacking team” and its website, fancybear.net, suggests that it’s affiliated with the Anonymous hacktivist movement.

The hackers claim they have launched OpOlympics, a campaign whose goal is to show that famous athletes from the U.S. and other countries won medals at the Olympics by using substances banned by WADA. The group even accepts Bitcoin donations on its website.

The group has so far leaked test results and other medical documents on American athletes, including gymnast Simone Biles, basketball player Elena Delle Donne, and tennis players Venus and Serena Williams.

“After detailed studying of the hacked WADA databases we figured out that dozens of American athletes had tested positive,” the hackers said. “The Rio Olympic medalists regularly used illicit strong drugs justified by certificates of approval for therapeutic use. In other words they just got their licenses for doping. This is other evidence that WADA and IOC’s Medical and Scientific Department are corrupt and deceitful.”

Biles and Donne reacted to the data leak on Twitter, claiming they had been taking the WADA-banned substances for genuine medical conditions. The U.S. Anti-Doping Agency (USADA) also published a statement backing the claims of the affected athletes.

“The athletes haven’t [done anything wrong],” said USADA CEO Travis T. Tygart. “In fact, in each of the situations, the athlete has done everything right in adhering to the global rules for obtaining permission to use a needed medication. The respective International Federations, through the proper process, granted the permission and it was recognized by the IOC and USADA.”

Russia has denied any involvement in the attack on WADA. However, it’s worth noting that this is not the first time the country has been accused of a cyberattack for which “hacktivists” take credit.

When the U.S. Democratic Party’s systems were breached this summer, experts immediately pointed the finger at the APT28/Fancy Bear threat group, but a hacktivist using the online moniker “Guccifer 2.0” took credit for the attack. Now, evidence again seems to point at Russia and a hacktivist group calling itself “Fancy Bears’ Hacking Team” takes credit.

In the case of Guccifer 2.0, who has claimed to be Romanian, although he has failed to prove it, some researchers believe he is actually a personna used by cyberspies to throw investigators off track.

Related: More Evidence Links Russia to DNC Attack

Related: Evidence Links Russia to Second Democratic Party Hack

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Cybercrime

Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cyberwarfare

Russia-linked cyberespionage group APT29 has been observed using embassy-themed lures and the GraphicalNeutrino malware in recent attacks.

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Malware & Threats

Cybercrime in 2017 was a tumultuous year "full of twists and turns", with new (but old) infection methods, a major return to social engineering,...

Malware & Threats

Security researchers are warning of a new wave of malicious NPM and PyPI packages designed to steal user information and download additional payloads.