Fancy Bear was blamed for an Olympics-related hack in 2016, when the World Anti-Doping Agency said the group was responsible for stealing and publishing confidential medical information about U.S. Olympic athletes.
The International Olympic Committee (IOC) and the Russian embassy in Washington did not immediately respond to requests for comment.
ThreatConnect said there was no evidence that hackers had used the web domains maliciously, but that the domains could provide the building blocks for future attacks.
Domains that imitate legitimate websites are a common tactic employed by hackers for various types of attacks, such as gaining access to email accounts.
The imitation domains "raise the question of a broader campaign against the upcoming 2018 Winter Games," ThreatConnect said.
Next month's Games in PyeongChang, South Korea, are expected to draw worldwide attention, making the event a potentially valuable target for hackers amid a politically charged atmosphere.
The IOC last month banned the Russian national team from the Winter Games for what it called "unprecedented systematic manipulation" of the anti-doping system, although it allowed Russian athletes with a clean doping record to compete under a neutral flag.
Western governments and security experts have linked the hacking group known as Fancy Bear or APT28 to a Russian spy agency, and have blamed it for operations including an attack on the Democratic National Committee ahead of the 2016 U.S. elections.
Further raising expectations of an Olympics-related attack, a Twitter account that ThreatConnect said was most likely tied to Fancy Bear said on Wednesday it had obtained correspondence belonging to IOC officials.