Russians Behind Sports Confederation Hack
But Nation Won’t Pursue Legal Action in the Case
The Russian state-sponsored group Fancy Bear was responsible for breaches from December 2017 to May 2018 at the Swedish Sports Confederation that resulted in hackers accessing sensitive athlete information, including doping test results, according to the Swedish Prosecution Authority. But Sweden will not pursue legal action in the case.
In a statement released on Tuesday, the agency notes an investigation conducted with the National Security Unit and the Swedish Security Service found evidence of activities by GRU, Russia’s military intelligence agency.
Fancy Bear, also known as APT28, Group 74, Pawn Storm and Sofacy, is an advanced persistent threat group that many information security experts believe is tied to the GRU.
The Swedish Prosecution Authority notes the APT group was also behind the compromise of the World Anti-Doping Agency, the United States Anti-Doping Agency and the Fédération Internationale de Football Association.
Despite the investigation’s findings, Swedish authorities say they will not press ahead with further legal proceedings against the GRU. “Against the background of parties acting for a foreign power, in this case Russia, we have reached the conclusion that the necessary preconditions for taking legal proceedings abroad or extradition to Sweden are lacking. I have, therefore, today decided to discontinue the investigation,” says Mats Ljungqvist, public prosecutor at the Swedish Prosecution Authority.
On Tuesday, however, Sweden’s foreign ministry summoned Russia’s ambassador in Sweden to a meeting about the alleged cyberattacks against the Swedish Sports Confederation, Swedish Minister for Foreign Affairs Ann Linde wrote on Twitter.
Swedish Prosecution Authority & Security Service today ⬇️ https://t.co/YvJO4p0pyn
Unacceptable serious breaches of data secrecy against the Swedish Sports Confederation, that violates existing norms. The Russian ambassador was summoned to the MFA to give an explanation.
— Ann Linde (@AnnLinde) April 13, 2021
The Swedish Sports Confederation did not immediately reply to Information Security Media Group’s request for comment. Ljungqvist, the Swedish prosecutor, said he had no further comment because “the investigation is still covered by confidentiality.”
Sports Authority Compromise
In 2018, the Swedish Sports Confederation reported that its computers had repeatedly been breached by attackers. This resulted in hackers accessing records related to Swedish athletes’ doping tests, which included their personal details and medical records. The hackers then published these records on public forums, Reuters reported.
Following the incident, some security experts said the hacking activities targeting international athletes were likely undertaken by Russia as a retaliatory move after the World Anti-Doping Agency, or WADA, recommended banning Russia’s Olympic squad from participating in the 2016 Summer Olympics in Brazil. WADA’s opinion came after revelations from Russian whistleblowers that the country ran an extensive doping program between 2011 and 2015, flouting international rules against using performance-enhancing drugs.
WADA Hack
Soon after WADA made its banning recommendation, Fancy Bear apparently hacked its Anti-Doping Administration and Management System, which organizes drug-testing schedules and is used by athletes to keep authorities up to date on their locations (see: Hackers Dump US Olympic Athletes’ Drug-Testing Results).
Among the athletes affected by the WADA hack were U.S. gymnast Simone Biles, tennis duo Venus and Serena Williams, and Elena Delle Donne, who was on the U.S. women’s Olympic basketball team.
In 2017, Fancy Bear published health records related to alleged drug use by dozens of soccer players worldwide that apparently were hacked from the Fédération Internationale de Football Association, or FIFA, according to a report in International Business Times. The APT group, which published the data through its website – which no longer exists – said it sought to dispel “the myth about doping-free football” (see: Hacker Group Releases Stolen Health Records).
In 2018, the U.S. Justice Department unsealed a criminal indictment charging seven Russian residents for their role in the WADA hack and leak campaign.
The indictment said five of the suspects were GRU officers who served in the elite military unit 26165 – also called GRU 85th Main Special Service Center – which allegedly runs high-risk cyberespionage operations.
The indictment also said the hackers targeted WADA and the international Court of Arbitration for Sport through spoofed agency domains and by sending spear-phishing emails to victims at both organizations. They also allegedly targeted the U.S. Anti-Doping Agency.