Suspected ‘hostile state’ behind hack of Poland’s anti-doping agency and leak of athletes’ data

Hackers “supported by the services of [a] hostile state” are believed to be behind the leak of over 50,000 confidential files from Poland’s anti-doping agency POLADA, an agency spokesperson told Recorded Future News.

Beregini, the group claiming responsibility for the attack, describes itself on Telegram as a “Ukrainian hacker group” and claimed the attack was in response to the Olympic Games having “been turned into a political oppression instrument.”

Beregini has previously been observed working in coordination with other pro-Russian entities, also presenting themselves as hacktivist groups, to share fake documents and spread false information about Ukraine’s war plans. It also runs a harassment website publishing the personal information of Ukrainian military personnel and their families.

Although the nature of the attack on POLADA hasn’t been confirmed, the anti-doping agency’s website went down last week and remained offline as of Tuesday. The tens of thousands of confidential files compromised in the attack include the medical records and testing histories of Polish athletes.

“At the moment, the case is under investigation and detailed technical analysis. POLADA has taken all necessary steps to secure the systems and file a notice with the relevant law enforcement agencies,” said the spokesperson, adding the agency was “in constant contact with the Police, CERT Poland, the Office of Personal Data Protection and the Ministry of Sport and Tourism.”

Polish athletes have been notified about the compromise of their information. Wojciech Pszczolarski, a cyclist, shared one of these notices on social media. The notice states that the names, home addresses, email addresses and phone numbers of several athletes have been published online.

POLADA’s spokesperson said: “We take the utmost care with regard to information security and the protection of those affected. All persons whose data has been published are immediately informed and given clear instructions for further action.”

The true nature of the Beregini hacking group is unclear. Mandiant reported in September 2022 that some “self-proclaimed hacktivist groups working in support of Russian interests” are “almost certainly operating independently of the Russian state.”

However, the cybersecurity company said it had also identified several “whose moderators we suspect are either a front for, or operating in coordination with, the Russian state.” That assessment was partially based on the hackers using tools linked to the GRU, Russia’s military intelligence agency, on the networks of Ukrainian victims.

No Russian or Belarusian athletes competed under their country’s flag in this year’s summer Olympics in Paris. Russian athletes have been banned from having a normal presence at the Olympic Games since 2017, due to the country’s state-sponsored doping program and its full-scale invasion of Ukraine in 2022.

According to the British government, as of the start of the Paris Olympics, 487 Ukrainian athletes have been killed due to the Russian invasion. Only 140 athletes from Ukraine took part in this year’s Olympic Games in Paris, the country’s smallest ever representation in the summer Olympics.


Alexander Martin is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.
