Suspected ‘hostile state’ behind hack of Poland’s anti-doping agency and leak of athletes’ data

Hackers “supported by the services of [a] hostile state” are believed to be behind the leak of over 50,000 confidential files from Poland’s anti-doping agency POLADA, an agency spokesperson told Recorded Future News.

Beregini, the group claiming responsibility for the attack, describes itself on Telegram as a “Ukrainian hacker group” and claimed the attack was in response to the Olympic Games having “been turned into a political oppression instrument.”

Beregini has previously been observed working in coordination with other pro-Russian entities, also presenting themselves as hacktivist groups, to share fake documents and spread false information about Ukraine’s war plans. It also runs a harassment website publishing the personal information of Ukrainian military personnel and their families.

Although the nature of the attack on POLADA hasn’t been confirmed, the anti-doping agency’s website went down last week and remained offline as of Tuesday. The tens of thousands of confidential files compromised in the attack include the medical records and testing histories of Polish athletes.

“At the moment, the case is under investigation and detailed technical analysis. POLADA has taken all necessary steps to secure the systems and file a notice with the relevant law enforcement agencies,” said the spokesperson, adding the agency was “in constant contact with the Police, CERT Poland, the Office of Personal Data Protection and the Ministry of Sport and Tourism.”

Polish athletes have been notified about the compromise of their information. Wojciech Pszczolarski, a cyclist, shared one of these notices on social media. The notice states that the names, home addresses, email addresses and phone numbers of several athletes have been published online.

POLADA’s spokesperson said: “We take the utmost care with regard to information security and the protection of those affected. All persons whose data has been published are immediately informed and given clear instructions for further action.”

The true nature of the Beregini hacking group is unclear. Mandiant reported in September 2022 that some “self-proclaimed hacktivist groups working in support of Russian interests” are “almost certainly operating independently of the Russian state.”

However, the cybersecurity company said it had also identified several “whose moderators we suspect are either a front for, or operating in coordination with, the Russian state.” That assessment was partially based on the hackers using tools linked to the GRU, Russia’s military intelligence agency, on the networks of Ukrainian victims.

No Russian or Belarusian athletes competed under their country’s flag in this year’s summer Olympics in Paris. Russian athletes have been banned from having a normal presence at the Olympic Games since 2017, due to the country’s state-sponsored doping program and its full-scale invasion of Ukraine in 2022.

According to the British government, as of the start of the Paris Olympics, 487 Ukrainian athletes have been killed due to the Russian invasion. Only 140 athletes from Ukraine took part at this year’s Olympic Games in Paris, the country’s smallest ever representation in the summer Olympics.


Alexander Martin is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.

 
