Fancy Bear strikes again: Russian hackers accessed IAAF athletes' medical data in cyberattack

Confidential medical data about athletes "seems to have been removed from the server" of the world athletics governing body.
Written by Danny Palmer, Senior Writer

Russian hackers have compromised the servers of the world governing body for athletics, likely making off with athletes' medical data.

The attack against the International Association of Athletics Federations (IAAF) has been attributed to the APT 28 hacking group -- also known as Fancy Bear -- and took place in February this year.

The same cyberespionage group claimed responsibility for leaking Olympic athletes' confidential medical files following an attack against the World Anti-Doping Agency last year and has been linked to interference with the US election in 2016.

Unauthorised remote access to the IAAF network was detected when metadata on athletes' Therapeutic Use Exemption (TUE) -- detailing if they're allowed to use prescribed medications -- was collected from the server and stored in a newly-created file.

In an email to ZDNet, the IAAF said the TUE data of the more than 80 athletes who have applied for TUEs since 2012 appears to have been compromised.

The IAAF added that the intent of the hackers was to "access the TUE data", which "seems to have been removed from the server" by unauthorised outsiders. All affected athletes have been contacted about the breach and provided with a dedicated email address for any questions.

"Our first priority is to the athletes who have provided the IAAF with information that they believed would be secure and confidential," said IAAF president Sebastian Coe. "They have our sincerest apologies and our total commitment to continue to do everything in our power to remedy the situation and work with the world's best organisations to create as safe an environment as we can."

This cyberattack was discovered by security personnel from Context Information Security, who had been undertaking a 'technical investigation' across IAAF systems since the beginning of January.

"Throughout the investigation, the IAAF have understood the importance and impact of the attack and have provided us comprehensive assistance. This has been critical in allowing us to both quickly identify the nature of the intrusion and to provide a full and diligent resolution," a Context Information Security spokesperson said.

"Our findings in this investigation give us a high degree of confidence that this cyberattack can be attributed to Fancy Bear," the spokesperson added.

In the time since the attack was discovered, the IAAF has consulted the UK's National Cyber Security Centre (NCSC) and the Agence Monégasque de Sécurité Numérique in Monaco in order to "carry out a complex remediation across all systems and servers in order to remove the attackers' access to the network".

In an email statement to ZDNet, the NCSC confirmed it has been working with the IAAF and praised the organisation's response to the attack.

"We are aware of the cyber incident which the IAAF have made public. The NCSC have been providing assistance at the request of the IAAF. We commend the IAAF's proactive decision to hire ContextIS, an NCSC approved company to help deal with this cyberattack," an NCSC spokesperson said.

At the time of writing, the hackers had yet to claim responsibility for the attack.
