Cyber Incident Victim: United States Olympic Committee
Date:
Jan 2018
Location:
United States of America
Summary
Russian-linked hacking group Fancy Bears, associated with the GRU intelligence agency, breached and publicly released emails from the United States Olympic Committee, the International Olympic Committee, and affiliated anti-doping organizations. The attack, likely conducted via phishing, targeted communications between investigators who exposed Russia's state-sponsored doping program, including correspondence involving key figures like Richard McLaren and Richard Young. The leak appeared retaliatory following Russia's ban from the upcoming Winter Olympics, aiming to discredit anti-doping authorities by framing their actions as politically motivated. While the World Anti-Doping Agency confirmed the emails' authenticity, it emphasized the data was outdated and part of a deliberate campaign to undermine its operations. The incident highlighted ongoing cyber-espionage efforts to influence international sports governance decisions.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On January 10, 2018, the Russia-linked hacking group Fancy Bears released a cache of emails purportedly stolen from the International Olympic Committee (IOC), the United States Olympic Committee (USOC), and affiliated third-party organizations. The leak occurred shortly after the IOC’s December 2017 decision to ban Russia from the 2018 PyeongChang Winter Olympics due to a state-sponsored doping program. The emails, dated between late 2016 and spring 2017, primarily involved communications among anti-doping investigators, including those who contributed to exposing Russia’s systematic doping violations. Fancy Bears, widely attributed to Russia’s GRU intelligence agency by U.S. officials, hosted the emails on a dedicated website, framing them as evidence of Western efforts to monopolize power and finances in global sports. The group employed phishing tactics to infiltrate email accounts, though the specific compromised accounts or scale of the breach remained unconfirmed. The World Anti-Doping Agency (WADA) acknowledged the emails’ authenticity but emphasized they were outdated and part of a campaign to discredit its work.
The leaked correspondence included messages from IOC lawyer Howard Stupp criticizing WADA for publishing investigator Richard McLaren’s findings on Russian doping without prior consultation with sports authorities. Fancy Bears specifically targeted McLaren, whose report underpinned Russia’s Olympic ban, and Richard Young, a Colorado-based lawyer on McLaren’s team. Young stated his firm’s IT department was reviewing the emails but acknowledged they might be legitimate. The IOC did not publicly confirm the breach’s validity or scope. The incident aimed to amplify Russian narratives of Western bias following the Olympic ban, though the emails did not alter the IOC’s enforcement of sanctions. WADA condemned Fancy Bears as a criminal entity seeking to undermine anti-doping efforts, while the USOC’s direct involvement was noted but not elaborated in the disclosed communications. The operation mirrored prior Russian cyber retaliation against sports governance bodies but lacked the consequential impact of earlier campaigns like the 2016 DNC hack.