The Russia-linked threat group APT28, also known as 'Fancy Bear', has been accused of being behind a cyber attack on the International Association of Athletics Federations (IAAF). The attack compromised athletes' Therapeutic Use Exemption (TUE) applications, which had been stored on IAAF servers.
The breach was detected during an investigation carried out by cyber incident response company Context Information Security, which was contacted by the IAAF at the beginning of January to undertake a technical investigation across IAAF systems, according to the IAAF's statement.
The statement continued: "The presence of unauthorised remote access to the IAAF network by the attackers was noted on 21 February, where meta data on athlete TUEs was collected from a file server and stored in a newly created file.
"It is not known if this information was subsequently stolen from the network, but it does give a strong indication of the attackers' interest and intent, and shows they had access and means to obtain content from this file at will."
Context Information Security had been called in following earlier security breaches that had spilled sensitive information about athletes' medications approved by athletics authorities.
The IAAF admitted the breach in a statement. "Over the past month the IAAF has consulted the UK National Cyber Security Centre (NCSC) and the Agence Monégasque de Sécurité Numérique (Monaco AMSN) and worked with Context to carry out a complex remediation across all systems and servers in order to remove the attackers' access to the network," it explained. "This was carried out and completed over the weekend."
Athletes have already been advised about the breach and the compromise of test data. They have been advised to contact the IAAF direct if they have any concerns.
IAAF president Sebastian Coe apologised to athletes for the breach: "Our first priority is to the athletes who have provided the IAAF with information that they believed would be secure and confidential."
He continued: "They have our sincerest apologies and our total commitment to continue to do everything in our power to remedy the situation and work with the world's best organisations to create as safe an environment as we can."
It is not the first attack targeting the IAAF and global athletics since the Russian government was accused of masterminding a covert doping campaign intended to boost the performance of its own athletes.
"This style of attack reminds us that 'data aware' technologies are key in helping to prevent sensitive data from being copied, moved or deleted without approval or permission," said Thomas Fischer, security advocate and threat researcher at Digital Guardian.
He continued: "This means that, even if a sophisticated hacker manages to breach the network, they are prevented from removing, altering or destroying key information without the required permissions.
"Cyber groups like Fancy Bear have an arsenal of tools at their disposal to break down the doors of a network, but that doesn't mean they should be able to walk out with the crown jewels under their arm."