Suspected ‘hostile state’ behind hack of Poland’s anti-doping agency and leak of athletes’ data

Hackers “supported by the services of [a] hostile state” are believed to be behind the leak of over 50,000 confidential files from Poland’s anti-doping agency POLADA, an agency spokesperson told Recorded Future News.

Beregini, the group claiming responsibility for the attack, describes itself on Telegram as a “Ukrainian hacker group” and claimed the attack was in response to the Olympic Games having “been turned into a political oppression instrument.”

Beregini has previously been observed working in coordination with other pro-Russian entities, also presenting themselves as hacktivist groups, to share fake documents and spread false information about Ukraine’s war plans. It also runs a harassment website publishing the personal information of Ukrainian military personnel and their families.

Although the nature of the attack on POLADA hasn’t been confirmed, the anti-doping agency’s website went down last week and remained offline as of Tuesday. The tens of thousands of confidential files compromised in the attack include the medical records and testing histories of Polish athletes.

“At the moment, the case is under investigation and detailed technical analysis. POLADA has taken all necessary steps to secure the systems and file a notice with the relevant law enforcement agencies,” said the spokesperson, adding the agency was “in constant contact with the Police, CERT Poland, the Office of Personal Data Protection and the Ministry of Sport and Tourism.”

Polish athletes have been notified about the compromise of their information. Wojciech Pszczolarski, a cyclist, shared one of these notices on social media. The notice states that the names, home addresses, email addresses and phone numbers of several athletes have been published online.

POLADA’s spokesperson said: “We take the utmost care with regard to information security and the protection of those affected. All persons whose data has been published are immediately informed and given clear instructions for further action.”

The true nature of the Beregini hacking group is unclear. Mandiant reported in September 2022 that some “self-proclaimed hacktivist groups working in support of Russian interests” are “almost certainly operating independently of the Russian state.”

However, the cybersecurity company said it had also identified several “whose moderators we suspect are either a front for, or operating in coordination with, the Russian state.” That assessment was partially based on the hackers using tools linked to the GRU, Russia’s military intelligence agency, on the networks of Ukrainian victims.

No Russian or Belarusian athletes competed under their country’s flag in this year’s summer Olympics in Paris. Russian athletes have been banned from having a normal presence at the Olympic Games since 2017, due to the country’s state-sponsored doping program and its full-scale invasion of Ukraine in 2022.

According to the British government, as of the start of the Paris Olympics, 487 Ukrainian athletes have been killed due to the Russian invasion. Only 140 athletes from Ukraine took part at this year’s Olympic Games in Paris, the country’s smallest ever representation in the summer Olympics.

Alexander Martin is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.

 
