Cyber Incident Victim: International Olympic Committee
Date:
Dec 2016
Location:
Switzerland
Summary
The International Olympic Committee suffered a cyberattack attributed to the Russian-linked Fancy Bears group, believed to be associated with GRU intelligence. The attackers breached email accounts of officials and affiliated organizations, stealing correspondence related to anti-doping investigations that led to sanctions against Russia. The stolen emails were subsequently leaked publicly in an apparent retaliation effort to discredit the organization and anti-doping bodies by portraying their actions as politically motivated. While the authenticity of some emails was initially questioned, relevant authorities acknowledged the breach but noted the data was outdated. The incident highlighted ongoing tensions between Russia and international sports governance entities following competitive bans.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On December 5, 2017, the International Olympic Committee (IOC) banned Russia from participating in the 2018 PyeongChang Winter Olympics following investigations into a state-sponsored doping program. In retaliation, the Russian-linked hacking group Fancy Bears (also known as Fancy Bear and associated with Russia’s GRU intelligence agency by US officials) published a cache of stolen emails on January 10, 2018. The emails purportedly belonged to IOC officials, the United States Olympic Committee, and third-party organizations involved in anti-doping investigations. The correspondence spanned from late 2016 through spring 2017, focusing on communications between anti-doping investigators who had exposed Russia’s systematic doping violations. While the exact breach method was not confirmed, Fancy Bears historically relied on phishing attacks to compromise email accounts. The World Anti-Doping Agency (WADA) acknowledged the emails’ authenticity but emphasized they were outdated and part of a campaign to undermine its credibility.
The leaked emails targeted individuals central to the doping investigations, including Richard McLaren, the Canadian lawyer whose independent reports detailed Russia’s cheating and formed the basis for the IOC’s ban, and Richard Young, a Colorado-based lawyer on McLaren’s team. One disclosed email from IOC lawyer Howard Stupp criticized WADA for publishing McLaren’s findings without prior consultation with sports officials. Fancy Bears framed the leak as evidence of Western powers manipulating global sports governance for financial and political gain. The hack caused operational disruptions, with Young’s law firm conducting IT reviews to authenticate the emails. WADA condemned the attack as criminal activity aimed at destabilizing anti-doping efforts. Despite the leak’s intent to delegitimize the IOC’s decision and rehabilitate Russia’s reputation, the ban remained in effect, with only select Russian athletes permitted to compete under a neutral flag. The incident highlighted ongoing geopolitical tensions in international sports but did not alter the disciplinary outcomes for Russia.