By David Ingram
SAN FRANCISCO (Reuters) - A Virginia-based cybersecurity firm said on Thursday it had found early indications that Russia-based hackers may be planning attacks against anti-doping agencies in retaliation for Russia's exclusion from next month's Winter Olympic Games.
Researchers from ThreatConnect Inc said that within the past month unknown people had registered three web domains that mimic those of the World Anti-Doping Agency, the U.S. Anti-Doping Agency and the Olympic Council of Asia.
The moves bore similarities to the methods that a Russian hacking group known as Fancy Bear used in the past, the cybersecurity firm said in a report.
Fancy Bear was blamed for an Olympics-related hack in 2016, when the World Anti-Doping Agency said the group was responsible for stealing and publishing confidential medical information about U.S. Olympic athletes.
The International Olympic Committee (IOC) and the Russian embassy in Washington did not immediately respond to requests for comment.
ThreatConnect said there was no evidence that hackers had used the web domains maliciously, but that the domains could provide the building blocks for future attacks.
Domains that imitate, or "spoof," legitimate websites are a common tactic employed by hackers for various types of attacks, such as gaining access to email accounts.
The imitation domains "raise the question of a broader campaign against the upcoming 2018 Winter Games," ThreatConnect said.
Next month's Games in Pyeongchang, South Korea, are expected to draw worldwide attention, making the event a potentially valuable target for hackers amid a politically charged atmosphere.
The IOC last month banned the Russian national team from the Winter Games for what it called "unprecedented systematic manipulation" of the anti-doping system, although it allowed Russian athletes with a clean history of non-doping to compete under a neutral flag.
Western governments and security experts have linked the hacking group known as Fancy Bear or APT28 to a Russian spy agency, and have blamed it for operations including an attack on the Democratic National Committee ahead of the 2016 U.S. elections.
Further raising expectations of an Olympics-related attack, a Twitter account that ThreatConnect said was most likely tied to Fancy Bear said on Wednesday it had obtained correspondence belonging to IOC officials.
A second U.S.-based security firm, McAfee, said on Monday that its security researchers had obtained a malicious email targeting organizations involved with the Pyeongchang Games.
McAfee did not cite a potential source for the email, but added: "With the upcoming Olympics, we expect to see an increase in cyberattacks using Olympics-related themes."
(Reporting by David Ingram; Additional reporting by Suzanne Barlyn in New York; Editing by Daniel Wallis)