Hundreds of personal records allegedly linked to athletes and guests of the Saudi Games have been published online by a pro-Iranian hacktivist group known as Cyber Fattah.
Cybersecurity firm Resecurity said the breach was announced on Telegram on June 22, 2025, in the form of SQL database dumps, characterizing it as an information operation “carried out by Iran and its proxies.”
“The actors gained unauthorized access to phpMyAdmin (backend) and exfiltrated stored data,” Resecurity said. “This is an example of Iran using data breaches as part of a larger anti-U.S., anti-Israel, and anti-Saudi propaganda activity in cyberspace, targeting major sports and social events.”
It is believed that the data was likely pulled from the Saudi Games 2024 official website and then shared on DarkForums, a cybercrime forum that has gained attention in the wake of BreachForums’ repeated takedowns. The information was published by a forum user named ZeroDayX, a burner profile that was likely created to promote this breach.
The leaked data includes IT staff credentials; government official email addresses; athletes’ and guests’ information; passports and ID cards; bank statements; medical forms; and scanned copies of sensitive documents.
“The activities of Cyber Fattah align with a broader trend of hacktivism in the Middle East, where groups frequently engage in cyber warfare as a form of activism,” Resecurity said.
The leak unfolds against the backdrop of simmering tensions between Iran and Israel, with as many as 119 hacktivist groups claiming to have carried out cyber attacks or to have made declarations to align with or act against the two nations, per Cyberknow.
Cyber Fattah, which calls itself an “Iranian cyber group,” has a history of targeting Israeli and Western web resources and government agencies.
It is also known to collaborate with other threat actors active in the region, such as 313 Team, which claimed responsibility for a distributed denial-of-service (DDoS) attack against social media platform Truth Social in retaliation for U.S. airstrikes on Iran’s nuclear facilities.
“This incident by Cyber Fattah may indicate an interesting shift from Israel-centric malicious activity toward a broader focus on anti-U.S. and anti-Saudi messaging,” Resecurity said.
Last week, a pro-Israel group known as Predatory Sparrow (aka Adalat Ali, Gonjeshke Darande, Indra, or MeteorExpress) claimed to have leaked data obtained from the Iranian Ministry of Communications. Notably, it also hacked Iran’s largest cryptocurrency exchange, Nobitex, and burned over $90 million in cryptocurrency by sending digital assets to invalid wallets.
Cybersecurity firm Outpost24 said the attackers probably had “access to internal documentation that detailed the inner workings of the exchange and probably even authentication credentials” to pull off the heist, or that it was a case of a rogue insider who worked with the group.
“This was not a financially motivated heist but a strategic, ideological, and psychological operation,” security researcher Lidia López Sanz said. “By destroying rather than exfiltrating funds, the threat actor emphasized its goals: dismantling public trust in regime-linked institutions and signaling its technical superiority.”
Subsequently, on June 18, Iran’s state broadcaster IRIB’s (short for Islamic Republic of Iran Broadcasting) television stream was hijacked to display pro-Israeli and anti-Iranian government imagery. IRIB claimed Israel was behind the incident.
Israel, for its part, has also become a target of pro-Palestine hacking groups like the Handala group, which has listed several Israeli organizations on its data leak site starting June 14, 2025. These included Delek Group, Y.G. New Idan, and AeroDreams.
Another trend observed in the cyber warfare between Iran and Israel is the coming together of smaller hacktivist groups to form umbrella entities like the Cyber Islamic Resistance or United Cyber Front for Palestine and Iran.
“These loosely affiliated ‘cyber unions’ share resources and synchronize campaigns, amplifying their impact despite limited technical sophistication,” Trustwave SpiderLabs said in a report published last week.
The company also singled out another pro-Iranian group named DieNet that, despite its pro-Iranian and pro-Hamas stance, is believed to include Russian-speaking members and connections to other cyber communities in Eastern Europe.
“What distinguishes DieNet from many other pro-Iranian actors is its hybrid identity,” it noted. “Linguistic analysis of DieNet’s messages, as well as timestamps, metadata, and interaction pattern, suggests that at least part of the group communicates internally in Russian or uses Slavic-language sources.”
“This points to the broader phenomenon of cross-regional cyber collaboration, where ideological alignment overrides geographic or national boundaries.”
Group-IB, in an analysis of Telegram-based hacktivist activity following June 13, said DieNet was the most referenced channel, quoted 79 times during the time period. In all, more than 5,800 messages were recorded across various hacktivist channels between June 13 and 20.
The deployment of cyber capabilities in the context of the Iran-Israel war, as well as other recent geopolitical events surrounding Hamas–Israel and Russia-Ukraine conflicts, demonstrates how digital operations are increasingly being integrated to supplement kinetic actions, influence public perception, and disrupt critical infrastructure, Trustwave added.