Image: iStock

Russian hackers have compromised the servers of the world governing body for , likely making off with athletes' medical data.

The against the Association of Athletics Federations (IAAF) has been attributed to the APT 28 hacking -- also known as Bear -- and took place in February this year.

The same cyberespionage group claimed responsibility for leaking Olympic athletes' confidential medical files following an attack against the World Anti-Doping Agency last year and has been linked to interference with the US election in 2016.

Unauthorised to the IAAF network was detected when metadata on athletes' Therapeutic Use Exemption (TUE) -- detailing if they're allowed to use prescribed medications -- was collected from the server and stored in a newly-created file.

In an email to ZDNet, the IAAF said the data of the more than 80 athletes who have applied for TUEs since 2012 appears to have been compromised.



The IAAF added that the intent of the hackers was to "access the TUE data", which "seems to have been removed from the server" by unauthorised outsiders. All affected athletes have been contacted about the breach and provided with a dedicated email address for any questions.

"Our first priority is to the athletes who have provided the IAAF with information that they believed would secure and confidential," said IAAF president Sebastian Coe. "They have our sincerest apologies and our total commitment to continue to do everything in our power to remedy the situation and work with the world's organisations to create as safe an environment as we can."

This cyberattack was discovered by security personnel from Context Information Security, who had been undertaking a 'technical investigation' across IAAF systems since the beginning of January.

"Throughout the investigation, the IAAF have understood the importance and of the attack and have provided us assistance. This has been critical in allowing us to both quickly identify the nature of the intrusion and to provide a full and diligent resolution," a Context Information Security spokesperson said.

"Our findings in this investigation give us a high degree of confidence that this cyberattack can be attributed to Fancy Bear," the spokesperson added.

In the time since the attack was discovered, the IAAF has consulted the UK's National Centre (NCSC) and the Agence Monégasque de Sécurité Numérique in in order to "carry out a complex remediation across all systems and servers in order to remove the attackers' access to the network".

In an email statement to ZDNet, the NCSC confirmed it has been working with the IAAF and praised the organisations' response to the attack.

"We are aware of the cyber incident which the IAAF have made public. The NCSC have been providing assistance at the request of the IAAF. We commend the IAAF's proactive decision to hire ContextIS, an NCSC approved company to help deal with this cyberattack," an NSCC spokesperson said.

At the time of writing, the hackers had yet to claim responsibility for the attack.

VIDEO: Russia's Fancy Bear hackers steal athletes' medical records again

Russia's Fancy Bear hackers steal athletes' medical records again Watch Now

READ MORE ON CYBERESPIONAGE