{ "id": "61bf23c6-000f-47d0-aa02-be2ca567ac7d", "created_at": "2026-04-06T00:15:02.342945Z", "updated_at": "2026-04-10T13:12:44.159028Z", "deleted_at": null, "sha1_hash": "6c0de9095bfa87168175789a3139a0cccd36af58", "title": "New cyberattacks targeting sporting and anti-doping organizations - Microsoft On the Issues", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 37411, "plain_text": "New cyberattacks targeting sporting and anti-doping organizations\r\n- Microsoft On the Issues\r\nBy Tom Burt\r\nPublished: 2019-10-28 · Archived: 2026-04-02 12:47:18 UTC\r\nToday we’re sharing that the Microsoft Threat Intelligence Center has recently tracked significant cyberattacks\r\noriginating from a group we call Strontium, also known as Fancy Bear/APT28, targeting anti-doping authorities\r\nand sporting organizations around the world. As the world looks forward with anticipation to the Tokyo Summer\r\nGames in 2020, we thought it important to share information about this new round of activity.\r\nAt least 16 national and international sporting and anti-doping organizations across three continents were targeted\r\nin these attacks which began September 16th, just before news reports about new potential action being taken by\r\nthe World Anti-Doping Agency. Some of these attacks were successful, but the majority were not. Microsoft has\r\nnotified all customers targeted in these attacks and has worked with those who have sought our help to secure\r\ncompromised accounts or systems.\r\nThis is not the first time Strontium has targeted such organizations. The group reportedly released medical records\r\nand emails taken from sporting organizations and anti-doping officials in 2016 and 2018, resulting in a 2018\r\nindictment in federal court in the United States.\r\nThe methods used in the most recent attacks are similar to those routinely used by Strontium to target\r\ngovernments, militaries, think tanks, law firms, human rights organizations, financial firms and universities\r\naround the world. Strontium’s methods include spear-phishing, password spray, exploiting internet-connected\r\ndevices and the use of both open-source and custom malware.\r\nWe’ve previously announced separate Strontium activity we’ve seen targeting organizations involved in the\r\ndemocratic process and have described the legal steps we routinely take to prevent Strontium from using fake\r\nMicrosoft internet domains to execute its attacks. Additionally, the data and information we learn from our\r\ndisruption work is used to improve the security and security features of our products and services.\r\nAs we’ve said in the past, we believe it’s important to share significant threat activity like that we’re announcing\r\ntoday. We think it’s critical that governments and the private sector are increasingly transparent about nation-state\r\nactivity so we can all continue the global dialogue about protecting the internet. We also hope publishing this\r\ninformation helps raise awareness among organizations and individuals about steps they can take to protect\r\nthemselves.\r\nYou can protect yourself from these types of attacks in at least three ways. We recommend, first, that you enable\r\ntwo-factor authentication on all business and personal email accounts. Second, learn how to spot phishing\r\nschemes and protect yourself from them. Third, enable security alerts about links and files from suspicious\r\nwebsites.\r\nhttps://blogs.microsoft.com/on-the-issues/2019/10/28/cyberattacks-sporting-anti-doping/\r\nPage 1 of 2\n\nTags: anti-doping, cyberattacks, cybercrime, cybersecurity, Microsoft Threat Intelligence Center, phishing, The\r\nDigital Crimes Unit\r\nSource: https://blogs.microsoft.com/on-the-issues/2019/10/28/cyberattacks-sporting-anti-doping/\r\nhttps://blogs.microsoft.com/on-the-issues/2019/10/28/cyberattacks-sporting-anti-doping/\r\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "origins": [ "web" ], "references": [ "https://blogs.microsoft.com/on-the-issues/2019/10/28/cyberattacks-sporting-anti-doping/" ], "report_names": [ "cyberattacks-sporting-anti-doping" ], "threat_actors": [ { "id": "730dfa6e-572d-473c-9267-ea1597d1a42b", "created_at": "2023-01-06T13:46:38.389985Z", "updated_at": "2026-04-10T02:00:02.954105Z", "deleted_at": null, "main_name": "APT28", "aliases": [ "Pawn Storm", "ATK5", "Fighting Ursa", "Blue Athena", "TA422", "T-APT-12", "APT-C-20", "UAC-0001", "IRON TWILIGHT", "SIG40", "UAC-0028", "Sofacy", "BlueDelta", "Fancy Bear", "GruesomeLarch", "Group 74", "ITG05", "FROZENLAKE", "Forest Blizzard", "FANCY BEAR", "Sednit", "SNAKEMACKEREL", "Tsar Team", "TG-4127", "STRONTIUM", "Grizzly Steppe", "G0007" ], "source_name": "MISPGALAXY:APT28", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "e3767160-695d-4360-8b2e-d5274db3f7cd", "created_at": "2022-10-25T16:47:55.914348Z", "updated_at": "2026-04-10T02:00:03.610018Z", "deleted_at": null, "main_name": "IRON TWILIGHT", "aliases": [ "APT28 ", "ATK5 ", "Blue Athena ", "BlueDelta ", "FROZENLAKE ", "Fancy Bear ", "Fighting Ursa ", "Forest Blizzard ", "GRAPHITE ", "Group 74 ", "PawnStorm ", "STRONTIUM ", "Sednit ", "Snakemackerel ", "Sofacy ", "TA422 ", "TG-4127 ", "Tsar Team ", "UAC-0001 " ], "source_name": "Secureworks:IRON TWILIGHT", "tools": [ "Downdelph", "EVILTOSS", "SEDUPLOADER", "SHARPFRONT" ], "source_id": "Secureworks", "reports": null }, { "id": "ae320ed7-9a63-42ed-944b-44ada7313495", "created_at": "2022-10-25T15:50:23.671663Z", "updated_at": "2026-04-10T02:00:05.283292Z", "deleted_at": null, "main_name": "APT28", "aliases": [ "APT28", "IRON TWILIGHT", "SNAKEMACKEREL", "Group 74", "Sednit", "Sofacy", "Pawn Storm", "Fancy Bear", "STRONTIUM", "Tsar Team", "Threat Group-4127", "TG-4127", "Forest Blizzard", "FROZENLAKE", "GruesomeLarch" ], "source_name": "MITRE:APT28", "tools": [ "Wevtutil", "certutil", "Forfiles", "DealersChoice", "Mimikatz", "ADVSTORESHELL", "Komplex", "HIDEDRV", "JHUHUGIT", "Koadic", "Winexe", "cipher.exe", "XTunnel", "Drovorub", "CORESHELL", "OLDBAIT", "Downdelph", "XAgentOSX", "USBStealer", "Zebrocy", "reGeorg", "Fysbis", "LoJax" ], "source_id": "MITRE", "reports": null }, { "id": "d2516b8e-e74f-490d-8a15-43ad6763c7ab", "created_at": "2022-10-25T16:07:24.212584Z", "updated_at": "2026-04-10T02:00:04.900038Z", "deleted_at": null, "main_name": "Sofacy", "aliases": [ "APT 28", "ATK 5", "Blue Athena", "BlueDelta", "FROZENLAKE", "Fancy Bear", "Fighting Ursa", "Forest Blizzard", "G0007", "Grey-Cloud", "Grizzly Steppe", "Group 74", "GruesomeLarch", "ITG05", "Iron Twilight", "Operation DealersChoice", "Operation Dear Joohn", "Operation Komplex", "Operation Pawn Storm", "Operation RoundPress", "Operation Russian Doll", "Operation Steal-It", "Pawn Storm", "SIG40", "Sednit", "Snakemackerel", "Sofacy", "Strontium", "T-APT-12", "TA422", "TAG-0700", "TAG-110", "TG-4127", "Tsar Team", "UAC-0028", "UAC-0063" ], "source_name": "ETDA:Sofacy", "tools": [ "ADVSTORESHELL", "AZZY", "Backdoor.SofacyX", "CHERRYSPY", "CORESHELL", "Carberp", "Computrace", "DealersChoice", "Delphacy", "Downdelph", "Downrage", "Drovorub", "EVILTOSS", "Foozer", "GAMEFISH", "GooseEgg", "Graphite", "HATVIBE", "HIDEDRV", "Headlace", "Impacket", "JHUHUGIT", "JKEYSKW", "Koadic", "Komplex", "LOLBAS", "LOLBins", "Living off the Land", "LoJack", "LoJax", "MASEPIE", "Mimikatz", "NETUI", "Nimcy", "OCEANMAP", "OLDBAIT", "PocoDown", "PocoDownloader", "Popr-d30", "ProcDump", "PythocyDbg", "SMBExec", "SOURFACE", "SPLM", "STEELHOOK", "Sasfis", "Sedkit", "Sednit", "Sedreco", "Seduploader", "Shunnael", "SkinnyBoy", "Sofacy", "SofacyCarberp", "SpiderLabs Responder", "Trojan.Shunnael", "Trojan.Sofacy", "USB Stealer", "USBStealer", "VPNFilter", "Win32/USBStealer", "WinIDS", "Winexe", "X-Agent", "X-Tunnel", "XAPS", "XTunnel", "Xagent", "Zebrocy", "Zekapab", "carberplike", "certutil", "certutil.exe", "fysbis", "webhp" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434502, "ts_updated_at": 1775826764, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/6c0de9095bfa87168175789a3139a0cccd36af58.pdf", "text": "https://archive.orkl.eu/6c0de9095bfa87168175789a3139a0cccd36af58.txt", "img": "https://archive.orkl.eu/6c0de9095bfa87168175789a3139a0cccd36af58.jpg" } }