Microsoft publicly released information revealing an uptick in cyberattacks globally targeting anti-doping authorities and sporting organizations. The Microsoft Threat Intelligence Center (MSTIC) routinely tracks malicious activity originating from the Russian advanced persistent threat (APT) group 28, also known as Fancy Bear, STRONTIUM, Swallowtail, Sofacy, Sednit, and Zebrocy. According to Microsoft, APT28 is targeting sporting and anti-doping organizations using spearphishing, password spraying (a brute force technique), fake Microsoft internet domains, as well as open-source and custom malware to exploit internet-connected devices.
To protect against similar attacks, Microsoft recommends:
- Enabling two-factor authentication on all business and personal email accounts,
- Learning how to spot phishing schemes and protect yourself from them, and
- Enabling security alerts about links and files from suspicious websites.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages network defenders to remain vigilant and review the Microsoft article, the World Anti-Doping Agency article, and the following resources for additional information:
- Avoiding Social Engineering and Phishing Attacks
- Brute Force Attacks Conducted by Cyber Actors
- Protecting Against Malicious Code
This product is provided subject to this Notification and this Privacy & Use policy.