The Swedish authorities have decided to halt an investigation into a data breach supposedly perpetrated by the Russian military intelligence, GRU, over the course of a few months in 2017 and 2018.
From December 2017 until May 2018, the Swedish Sports Confederation was under attack from a then-unknown entity. Following the investigation, authorities in Sweden determined the attack came from Russia and was likely part of a more extensive campaign directed at the World Anti-Doping Agency (WADA) and The United States Anti-Doping Agency.
As it turns out, the investigation didn’t stop because the authorities hit a dead end. On the contrary, the investigators named the entities involved in the attacks but decided to stop because they couldn’t take any punitive measures.
”The investigation shows that the Russian military intelligence, GRU who, via its 85th Center, also known as unit 26165, has planned and carried out the serious breaches of data secrecy against the Swedish Sports Confederation,” said public prosecutor Mats Ljungqvist. “We can further state that the breaches have been a part of a Russian campaign directed against national and international anti-doping organisations such as WADA and USADA. The campaign has also been directed against FIFA.”
The data breach targeted the private data the agencies had on Swedish athletes, such as their medical records.
The prosecutor said his office reached the difficult conclusion that the necessary preconditions for taking legal action abroad or extradition to Sweden are lacking. This means they can’t actually do anything against the attackers, beyond publicly identifying them.
In 2016, WADA recommended that the Russian Olympic team be banned from participating in Brazil’s 2016 Summer Olympics. The cyberattacks in the following years are regarded as retaliation for that ban.