After the Russians were banned from the Olympics for another four years in a unanimous decision from the World Anti-Doping Agency (WADA), the immediate reaction from Russia was fury and denial. So now everyone is waiting to see how Russia will respond.
In 2016, Red Sky Alliance analysts reported on the Russian retaliation when Russia was banned from the Olympics for steroid use. 2016 saw unprecedented Russian physical, cyber and psychological interference in the US presidential election, but prior to that election meddling, one of the most aggressive cyber campaigns that year centered on the Summer Olympics and was conducted by a then-unknown APT hacker group, Fancy Bear.
In the run-up to the 2016 Summer Olympic games in Brazil, WADA had uncovered a Russian steroid doping conspiracy and recommended a full athlete ban. In response, Russia’s most notorious hackers targeted an array of international officials and then leaked both real and manipulated documents in a propaganda campaign designed to undermine the original recommendation. In response, the International Olympic Committee rejected a blanket ban and allowed each sport to rule individually.
Two years later, the opening ceremony of the 2018 Winter games in South Korea began with all the traditional ceremonies, which unfortunately included a targeted cyber-attack known as Olympic Destroyer that was intended to sabotage the Olympic networks and their connected event hardware and devices. The attack’s origins were cloaked, but initial bits of cyber evidence in the malware pointed to North Korea and China. But after cyber investigators eventually diagnosed the attempted obfuscation methods, which originally misled them, it became apparent that Russian APT hacker groups were really responsible.
After piecing these cyber facts together, it became evident that the Russians see the Olympics as a part of a larger world power competition and will use hacking as their main weapon. In the past two years, cyber-attack TTPs have been enhanced and malware is ever more expansive. Like running a race, the Russians are sprinting right alongside the Americans, Chinese, Iranians, North Koreans, and others in using hackers to shape international history and try to bend geopolitics to their direction.
“Over two decades, the international arena of digital competition has become ever more aggressive,” writes Ben Buchanan, a professor at Georgetown University’s School of Foreign Service, in his upcoming The Hacker and the State. “The United States and its allies can no longer dominate the field the way they once did. Devastating cyber-attacks and data breaches animate the fierce struggle among states.” In the 2016 US presidential elections, Russian hackers targeted the electronic voting systems of more than one hundred local elections. “Even when the tampering is not successful or when damning information is not exfiltrated, the suspicion generated by the discovery of malicious code (or reports of systems penetration) speaks to a new conspiratorial and anxious politics, in which the question of democratic legitimacy is left open and unanswered,” said Buchanan.
Perhaps the most useful preview of the 2020 US election will be, once again, the Olympics. The 2020 Summer Olympic games in Tokyo, Japan have already experienced several successful hacks on relevant Olympic organizations. Last October Microsoft issued a warning explaining how a Russian APT group was tracked attacking sporting organizations tied to the 2020 Tokyo Olympics. The advanced persistent threat (APT) hacking group that Microsoft calls Strontium, but which is better known as APT28 or Fancy Bear, has been seen targeting anti-doping authorities and sporting organizations around the world. The Microsoft Threat Intelligence Center first spotted the highly targeted attacks by the APT hacking group beginning September 16. While most of the attacks were not successful, Microsoft has stated that some were. The attacks appear to have been coordinated ahead of news stories regarding WADA taking action over Russian state-sponsored doping program lab data being deleted. Microsoft reported, "At least 16 national and international sporting and anti-doping organizations across three continents were targeted in these attacks."
According to Microsoft researchers, Strontium used methods similar to those in previous attacks, which have targeted everything from governments and militaries to, at the other end of the spectrum, human rights organizations and universities. Their methodology includes highly focused phishing attacks known as “spear-phishing” as well as a type of brute force password attack known as spraying. Password spraying is where attackers try a relatively small number of commonly used passwords against many accounts. These TTPs sound somewhat low tech, but they have been successful: given enough targets, there is a high probability that at least one user will have poor security hygiene and be using a common, easy password. Additionally, APT28 hackers also employ open-source and custom malware along with the exploitation of internet-connected devices along the way.
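The spraying pattern described above (few guesses per account, many accounts, one source) can be told apart from single-account brute force in authentication logs. The following is an added detection sketch, not code from Microsoft or Red Sky Alliance; the log format, sample lines, function names and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: "timestamp source-ip username result" (documentation IPs).
SAMPLE_LOG = """\
2020-01-01T08:00:01 203.0.113.7 alice FAIL
2020-01-01T08:00:03 203.0.113.7 bob FAIL
2020-01-01T08:00:05 203.0.113.7 carol FAIL
2020-01-01T08:00:07 203.0.113.7 dave FAIL
2020-01-01T08:00:09 203.0.113.7 erin OK
2020-01-01T08:00:11 203.0.113.7 frank FAIL
2020-01-01T08:05:00 198.51.100.20 alice FAIL
2020-01-01T08:05:02 198.51.100.20 alice FAIL
2020-01-01T08:05:04 198.51.100.20 alice FAIL
2020-01-01T08:05:06 198.51.100.20 alice FAIL
2020-01-01T08:05:08 198.51.100.20 alice OK
"""

def parse(log):
    for line in log.splitlines():
        ts, ip, user, result = line.split()
        yield datetime.fromisoformat(ts), ip, user, result

def detect_spraying(log, window=timedelta(minutes=30), min_accounts=5, max_per_account=2):
    """Return {source_ip: {"accounts": n, "compromised": [users]}} for spray-like sources."""
    by_ip = defaultdict(list)
    for event in parse(log):
        by_ip[event[1]].append(event)
    findings = {}
    for ip, events in by_ip.items():
        events.sort()  # chronological order within each source
        start = 0
        for end in range(len(events)):
            # Slide the window so it never spans more than `window` of time.
            while events[end][0] - events[start][0] > window:
                start += 1
            in_window = events[start:end + 1]
            attempts = defaultdict(int)
            for _, _, user, _ in in_window:
                attempts[user] += 1
            # Spray signature: many distinct accounts, only a few tries on each.
            if len(attempts) >= min_accounts and max(attempts.values()) <= max_per_account:
                hits = sorted({u for _, _, u, r in in_window if r == "OK"})
                findings[ip] = {"accounts": len(attempts), "compromised": hits}
    return findings
```

The second source in the sample hammers a single account and is deliberately not flagged; it is the kind of activity per-account lockout already catches, while the low per-account attempt count of the first source stays under typical lockout thresholds.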
Even though many researchers both publicly and privately blame Russia for the last two rounds of Olympic hacks, there really have been no serious consequences for their malicious intent. Many researchers believe we will see another round of Olympic cyber targeting in 2020. Red Sky Alliance will continue to monitor malicious activity regarding the upcoming national US elections.
Red Sky Alliance is in New Boston, NH. We are a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or firstname.lastname@example.org
Link to past Fancy Bear report: