In light of WADA’s sporting ban of Russia, cyber security experts at ThreatConnect have warned that WADA itself, as well as the likes of FIFA and the IOC, must remain vigilant for potential malicious activity over the coming months.
ThreatConnect has tracked Russian actors over the last several years, and found efforts to target WADA, and other organisations, after previous sport-related bans.
From 2016 through 2018, a jilted Russia conducted various activity against anti-doping related organisations and the Olympics themselves following bans for doping in sport. To that end, it\’s important for us to consider the wide range of effects that Russia may seek to achieve following the most recent sporting ban from WADA – Russian actors have a history of undertaking cyber assaults following previous bans, targeting a whole range of organisations.
In 2016, following WADA\’s recommendation that Russian athletes be banned from the summer games in Rio, GRU-associated Fancy Bear actors registered domains spoofing the World Anti-Doping Agency (WADA) and the Court of Arbitration for Sport (CAS), and then attempted an active measures campaign using the Fancy Bears HT cut out. In 2017 and 2018 following the IOC ban of Russian athletes, we saw possible Fancy Bear domains registered spoofing regional anti-doping agencies and the supplier of a testing kit. During the Olympics in 2018, another GRU affiliated threat group, Sandworm, sought to disrupt the winter games in South Korea in the Olympic Destroyer attack.
Now that Russia has been banned once more, WADA and the competitions Russia has been banned from, such as the FIFA World Cup, need to remain vigilant. In the run up to Russia\’s probable appeal of the ban, the likes of IOC, FIFA, WADA, CAS and other organisations working closely with the 2020 Olympics and the 2022 World Cup, as well as groups safeguarding athletes’ personal information, need to remain cognizant of the range of these attacks and attempt to proactively address them.