The Olympics-related attacks are remarkable not for their novelty but for their sheer doggedness. The GRU, after all, has been hacking anti-doping agencies—including WADA—since 2016, in retaliation for investigations of Russian doping. They've previously leaked reams of stolen files and even athlete medical records along the way. And even after several Russian agents within that GRU group were indicted last year in connection with those attacks, the country's cyberspies and saboteurs can't seem to give up their Olympics obsession. "It’s a grudge match," says James Lewis, the director of the Strategic Technologies Program at the Center for Strategic and International Studies.
Lewis points out that Russian hackers could have either of two goals in mind when they hack anti-doping agencies. They gain the ability to strategically leak documents designed to embarrass the agencies, as they have in the past. Or they may be seeking to carry out more traditional espionage, getting intel on targets like WADA, potentially including their specific drug tests and how to defeat them. "For decades, the Russians have been using drugs to enhance athletic performance, and when WADA pulled the plug on them they were outraged. They’ve really never forgiven WADA for that, and they also want to know what WADA knows," Lewis says. "It’s a good way to tailor your strategy for doping if you know what the other guy is looking for."
Microsoft declined to share more specifics on the latest wave of anti-doping agency attacks, but says that the Fancy Bear hackers are using tricks similar to those they've employed in attacks against governments, political campaigns, and civil society around the world for years, including spearphishing, brute-force password guessing, and directly targeting internet-connected devices.
The GRU's sports-related hacking first came to light in the fall of 2016, when hackers posted a collection of stolen files from WADA, including the medical records of Simone Biles and Serena and Venus Williams, on the website FancyBears.net. The leak, aside from its brazen mockery of the name given to the hacker group by security firm CrowdStrike, attempted to discredit WADA by showing that US athletes took performance-enhancing drugs, too. Simone Biles had, for instance, taken an ADHD medication since early childhood, which WADA had approved for her to use during competition. After Russia's Winter Olympics ban in early 2018, Fancy Bear retaliated with yet more leaks, this time from the network of the International Olympic Committee.