04 Apr 2017

The IAAF has been a victim of a cyber-attack which it believes has compromised athletes’ Therapeutic Use Exemption (TUE) applications stored on IAAF servers.

A press release from IAAF says the attack by FANCY BEAR also known as APT28 was detected during a proactive investigation carried out by cyber incident response (CIR) firm Context Information Security who were contacted by IAAF at the beginning of January to undertake a technical investigation across IAAF systems.

It says the presence of unauthorised remote access to the IAAF network by the attackers was noted on February 21 where meta data on athlete TUEs was collected from a file server and stored in a newly created file.

It is not known if this information was subsequently stolen from the network, but it does give a strong indication of the attackers’ interest and intent, and shows they had access and means to obtain content from this file at will. 

Furthermore, the release says over the past month the IAAF has consulted the UK National Cyber Security Centre (NCSC) and the Agence Monégasque de Sécurité Numérique (Monaco AMSN) and worked with Context to carry out a complex remediation across all systems and servers in order to remove the attackers’ access to the network.

This was carried out and completed over the weekend.

“Athletes who have applied for TUEs since 2012 have been contacted and provided with a dedicated email address to contact the IAAF if they have any questions. Any other athlete concerned about their TUE applications should go to askiaaf.org, complete and submit the form and we will respond, wherever possible, within 24 hours,” says the release. ENDS