Thousands of personal records allegedly linked to athletes and visitors of the Saudi Games have been published online by a pro-Iranian hacktivist group known as Cyber Fattah.
Cybersecurity firm Resecurity said the breach was announced on Telegram on June 22, 2025, in the form of SQL database dumps, characterizing it as an information operation “carried out by Iran and its proxies.”
“The actors gained unauthorized access to phpMyAdmin (backend) and exfiltrated stored records,” Resecurity said. “This is an example of Iran using data breaches as part of a larger anti-U.S., anti-Israel, and anti-Saudi propaganda activity in cyberspace, targeting major sports and social events.”
It is believed that the data was likely pulled from the Saudi Games 2024 official website and then shared on DarkForums, a cybercrime forum that has gained attention in the wake of BreachForums’ repeated takedowns. The information was published by a forum user named ZeroDayX, a burner profile that was likely created to promote this breach.
The leaked data includes IT staff credentials; government official email addresses; athletes’ and visitors’ information; passports and ID cards; bank statements; medical forms; and scanned copies of sensitive documents.
“The activities of Cyber Fattah align with a broader trend of hacktivism in the Middle East, where groups frequently engage in cyber warfare as a form of activism,” Resecurity said.
The leak unfolds against the backdrop of simmering tensions between Iran and Israel, with as many as 119 hacktivist groups claiming to have conducted cyber attacks or to have made declarations to align with or act against the two nations, per Cyberknow.
Cyber Fattah, which calls itself an “Iranian cyber team,” has a history of targeting Israeli and Western web resources and government agencies.
It is also known to collaborate with other threat actors active in the region, such as 313 Team, which claimed responsibility for a distributed denial-of-service (DDoS) attack against social media platform Truth Social in retaliation for U.S. airstrikes on Iran’s nuclear facilities.
“This incident by Cyber Fattah may indicate an interesting shift from Israel-centric malicious activity toward a broader focus on anti-U.S. and anti-Saudi messaging,” Resecurity said.
Last week, a pro-Israel group known as Predatory Sparrow (aka Adalat Ali, Gonjeshke Darande, Indra, or MeteorExpress) claimed to have leaked data obtained from the Iranian Ministry of Communications. Notably, it also hacked Iran’s largest cryptocurrency exchange, Nobitex, and burned over $90 million in cryptocurrency by sending digital assets to invalid wallets.
Cybersecurity firm Outpost24 said the attackers probably had “access to internal documentation that detailed the inner workings of the exchange and probably even authentication credentials” to pull off the heist, or that it was a case of a rogue insider who worked with the group.
“This was not a financially motivated heist but a strategic, ideological, and psychological operation,” security researcher Lidia López Sanz said. “By destroying rather than exfiltrating funds, the threat actor emphasized its goals: dismantling public trust in regime-linked institutions and signaling its technical superiority.”
Subsequently, on June 18, the television stream of Iran’s state broadcaster IRIB (short for Islamic Republic of Iran Broadcasting) was hijacked to display pro-Israeli and anti-Iranian government imagery. IRIB claimed Israel was behind the incident.
Israel, for its part, has also become a target of pro-Palestine hacking groups like the Handala team, which has listed several Israeli organizations on its data leak site starting June 14, 2025. These included Delek Group, Y.G. New Idan, and AeroDreams.
Another trend observed in the cyber warfare between Iran and Israel is the coming together of smaller hacktivist groups to form umbrella entities like the Cyber Islamic Resistance or United Cyber Front for Palestine and Iran.
“These loosely affiliated ‘cyber unions’ share resources and synchronize campaigns, amplifying their impact despite limited technical sophistication,” Trustwave SpiderLabs said in a report published last week.
The company also singled out another pro-Iranian group named DieNet that, despite its pro-Iranian and pro-Hamas stance, is believed to include Russian-speaking members and connections to other cyber communities in Eastern Europe.
“What distinguishes DieNet from many other pro-Iranian actors is its hybrid identity,” it noted. “Linguistic analysis of DieNet’s messages, as well as timestamps, metadata, and interaction pattern, suggests that at least part of the group communicates internally in Russian or uses Slavic-language resources.”
“This points to the broader phenomenon of cross-regional cyber collaboration, where ideological alignment overrides geographic or national boundaries.”
Group-IB, in an analysis of Telegram-based hacktivist activity following June 13, said DieNet was the most referenced channel, quoted 79 times during the time period. In all, more than 5,800 messages were recorded across various hacktivist channels between June 13 and 20.
The deployment of cyber capabilities in the context of the Iran-Israel conflict, as well as other recent geopolitical events surrounding the Hamas–Israel and Russia-Ukraine conflicts, demonstrates how digital operations are increasingly being integrated to supplement kinetic actions, influence public perception, and disrupt critical infrastructure, Trustwave added.