The same Russian state-sponsored hackers that allegedly breached the Democratic National Committee may have also targeted the World Anti-Doping Agency.
On Tuesday, the sports drug-testing agency blamed a recent breach of its network on a Russian hacking group known as APT 28 or Fancy Bear.
The hackers gained access to the agency’s database and stole information about athletes including confidential medical data. Some of that data has already been publicly released, and the hackers have threatened to release more, the agency said in a statement.
It’s unclear when the breach occurred. However, in August, another hacking incident also targeted the whistleblower, Yuliya Stepanova, who exposed Russian-backed doping of Olympic teams.
In that hack, the perpetrators stole a password used by Stepanova to access her account at the anti-doping agency. At the time, the agency also reported that its users had received illegitimate emails, asking them to give over their “personal credentials.”
On Tuesday, the anti-doping agency said the latest breach came from hackers stealing login credentials through phishing emails, then gaining access through an accounted created by the International Olympic Committee account for the recent Rio Games.
The agency didn’t say how it concluded that Russian hackers were behind the breach and declined to elaborate. However, a security firm ThreatConnect has found evidence linking the group Fancy Bear with the phishing emails the doping agency noticed back in August.
Fancy Bear was also one of the hacking groups some security experts have blamed for the recent breach of the DNC, which was carried out as far back as last year.
Security firms consider Fancy Bear to be among the best cyber espionage teams in the world. Their past targets have included NATO and Eastern European governments, with a focus on stealing political and military data for the apparent benefit of the Russian government.
However, security experts also warn that it’s hard to definitively link a cyber attack to a group of hackers. Hacking tools deployed in one attack can be re-used by someone else.