Cyberwarfare / Nation-State Attacks
Fraud Management & Cybercrime
Governance & Risk Management
But Nation Won’t Pursue Legal Action in the Case
Akshaya Asokan (asokan_akshaya) •
April 14, 2021
The Russian state-sponsored group FancyBear was responsible for breaches from December 2017 to May 2018 at the Swedish Sports Confederation that resulted in hackers accessing sensitive athlete information, including doping test results, according to the Swedish Prosecution Authority. But Sweden will not pursue legal action in the case.See Also: Top 50 Security Threats
In a statement released on Tuesday, the agency notes an investigation conducted with the National Security Unit and the Swedish Security Service found evidence of activities by GRU, Russia’s military intelligence agency.
FancyBear, also known as APT28, Group 74, Pawn Storm and Sofacy, is an advanced persistent threat group that many information security experts believe is tied to the GRU.
The Swedish Prosecution Authority notes the APT group was also behind the compromise of the World Anti-Doping Agency, the United States Anti-Doping Agency and the Fédération Internationale de Football Association
Despite the investigation’s findings, Swedish authorities say they will not press ahead with further legal proceedings against the GRU. “Against the background of parties acting for a foreign power, in this case Russia, we have reached the conclusion that the necessary preconditions for taking legal proceedings abroad or extradition to Sweden are lacking. I have, therefore, today decided to discontinue the investigation,” says Mats Ljungqvis, public prosecutor at Swedish Prosecution Authority.
On Tuesday, however, Sweden’s foreign ministry summoned Russia’s ambassador in Sweden to a meeting about the alleged cyberattacks against the Swedish Sports Confederation, Sweden’s foreign minister Ann Linde wrote on Twitter.
Swedish Prosecution Authority & Security Service today ⬇️ https://t.co/YvJO4p0pynUnacceptable serious breaches of data secrecy against the Swedish Sports Confederation, that violates existing norms. The Russian ambassador was summoned to the MFA to give an explanation.— Ann Linde (@AnnLinde) April 13, 2021
The Swedish Sports Confederation did not immediately reply to Information Security Media Group’s request for comment. Ljungqvist, the Swedish prosecutor, said he had no further comment because “the investigation is still covered by confidentiality.”
Sports Authority Compromise
In 2018, the Swedish Sports Confederation reported that its computers were repeatedly breached by attackers. This resulted in hackers accessing records related to Swedish athletes’ doping tests, which included their personal details and medical records. The hackers then published these records on public forums, Reuters reported.
Following the incident, some security experts said the hacking activities targeting international athletes were likely undertaken by Russia as a retaliatory move after World Anti-Doping Agency, ior WADA, recommended banning Russia’s Olympic squad from participating in 2016 summer Olympics in Brazil. WADA’s opinion came after revelations from Russian whistleblowers that the country ran an extensive doping program between 2011 and 2015, flouting international rules against using performance-enhancing drugs.
Soon after WADA made its banning recommendation, FancyBear apparently hacked its Anti-Doping Administration and Management System, which organizes drug testing schedules and is used by athletes to keep authorities up-to-date on their locations (see: Hackers Dump US Olympic Athletes’ Drug-Testing Results ).
Among the athletes affected by the WADA hack were U.S. gymnast Simone Biles, the tennis duo Venus and Serena Williams, and Elena Delle Donne, who was on the U.S. women’s Olympic basketball team.
In 2017, FancyBear published health records related to alleged drug use by dozens of soccer players worldwide that apparently were hacked from the Fédération Internationale de Football Association, or FIFA, according to a report in International Business Times. The APT group, which published the data through its website – which no longer exists – said it sought to dispel “the myth about doping-free football,” (see: Hacker Group Releases Stolen Health Records)
In 2018, the U.S. Justice Department unsealed a criminal indictment charging seven Russian residents for their role in the WADA hack and leak campaign.
The indictment said five of the suspects were GRU officers who serve in the elite military unit 26165 – also called GRU 85 Main Special Service Center – which allegedly runs high-risk cyber espionage operations.
The indictment also said the hackers targeted WADA and the International Court of Arbitration for Sport through spoofed agency domains and by sending spear-phishing emails to victims at both organizations. They also allegedly targeted the United States Anti-Doping Agency.
originally appeared on Source link