A hacking group with suspected Russian links published allegedly leaked emails from the International Olympic Committee (IOC) and the World Anti-Doping Agency (WADA) on Wednesday, less than a month before the 2018 Winter Olympics begin in Pyeongchang, South Korea.
The group, known as “Fancy Bear,” posted conspiracy theory-laced, Illuminati-themed, heavily doctored pictures of Olympic officials Wednesday with text teasing a new release. A few hours later, the group posted a link to a website and leaked email archives with the title “#WADA vs. #IOC: Fight for Clean Sport or Fight for Power?”
A lengthy blog post accused “Anglo-Saxon” nations including the United States of fighting for “power and cash in the sports world” but doing so “on the pretext of defending clean sport.”
The group, also known as APT28, is best known for being credited with breaching the Democratic National Committee and Hillary for America campaign in 2016, as well as for propaganda tied to other Olympic athletes in the lead-up to the 2016 games.
The alleged hack comes as Russia’s entire Winter Olympics team has been banned from taking part in the 2018 Games due to systemic and government-backed doping. That investigation began during the 2014 Summer Olympics due to the whistleblower doctor Grigory Rodchenkov. Russian officials have repeatedly denied all charges but the evidence and subsequent medical testing revealed over 1,000 Russian Olympic athletes benefitted from the program.
The new Fancy Bear leaks allege Russia’s ban from the Olympics was overtly political.
The IOC declined to comment on the leaked emails. WADA has not responded to inquiries.
The 2018 Olympics have already been targeted by at least one other nation-state campaign.
A December 2016 spearphishing campaign against South Korean officials was uncovered by McAfee security researchers who saw hackers pretending to be with the South Korean National Counter-Terrorism Center. When targets opened infected documents, the hackers established a backdoor on victims’ machines that allowed them to steal data or take over a computer. The perpetrator of that campaign remains unclear.
Betsy Cooper, head of the UC Berkeley Center for Long-Term Cybersecurity, recently told CyberScoop that hacking Olympic events occurs “fairly regularly” for a number of different reasons including financial and political motivations. In 2017, Cooper’s group put together a thorough report on cybersecurity threats facing modern Olympic Games.
“As you know, the Fancy Bears are a criminal organization, which seeks to undermine the work of WADA and its partners,” WADA’s Maggie Durand told CyberScoop. “Everything that they have posted today is dated.”
In addition to being a popular sporting event, the Olympics always bring huge troves of financial and political capital into play. Boycotts, bans, wins and losses have historically reverberated in the geopolitical landscape in powerful and unpredictable ways.
Believed to be a unit of Russia’s military intelligence agency GRU, the group known as Fancy Bear has been active for over a decade. Their alleged work during the 2016 U.S. presidential election earned them worldwide attention, but they took no rest in 2017.
Security researchers linked a wide range of 2017 hacking campaigns to Fancy Bear including the Sednit Exploit Kit, the DealersChoice malicious document generator, pointed phishing campaigns and attacks against European election and political targets.
Update: Added confirmation and comments from WADA.