1000’s of private data allegedly linked to athletes and guests of the Saudi Video games have been revealed on-line by a pro-Iranian hacktivist group referred to as Cyber Fattah.
Cybersecurity firm Resecurity mentioned the breach was introduced on Telegram on June 22, 2025, within the type of SQL database dumps, characterizing it as an data operation “carried out by Iran and its proxies.”
“The actors gained unauthorized entry to phpMyAdmin (backend) and exfiltrated saved data,” Resecurity mentioned. “That is an instance of Iran utilizing knowledge breaches as half of a bigger anti-U.S., anti-Israel, and anti-Saudi propaganda exercise in our on-line world, focusing on main sports activities and social occasions.”
It is believed that the info is probably going pulled from the Saudi Video games 2024 official web site after which shared on DarkForums, a cybercrime discussion board that has gained consideration within the wake of BreachForums’ repeated takedowns. The data was revealed by a discussion board consumer named ZeroDayX, a burner profile that was doubtless created to advertise this breach.
The leaked knowledge consists of IT workers credentials; authorities official e mail addresses; athletes’ and guests’ data; passports and ID playing cards; financial institution statements; medical types; and scanned copies of delicate paperwork.
“The actions of Cyber Fattah align with a broader pattern of hacktivism within the Center East, the place teams regularly have interaction in cyber warfare as a type of activism,” Resecurity mentioned.
The leak unfolds in opposition to the backdrop of simmering tensions between Iran and Israel, with as many as 119 hacktivist teams claiming to have carried out cyber assaults or have made declarations to align with or act in opposition to the 2 nations, per Cyberknow.
Cyber Fattah, which calls itself an “Iranian cyber crew,” has a historical past of focusing on Israeli and Western internet assets and authorities businesses.
It is also recognized to collaborate with different menace actors lively within the area, reminiscent of 313 Group, which claimed accountability for a distributed denial-of-service (DDoS) assault in opposition to social media platform Reality Social in retaliation for U.S. airstrikes on Iran’s nuclear services.
“This incident by Cyber Fattah could point out an fascinating shift from Israel-centric malicious exercise towards a broader deal with anti-U.S. and anti-Saudi messaging,” Resecurity mentioned.
Final week, a pro-Israel group often known as Predatory Sparrow (aka Adalat Ali, Gonjeshke Darande, Indra, or MeteorExpress) claimed to have leaked knowledge obtained from the Iranian Ministry of Communications. Notably, it additionally hacked Iran’s largest cryptocurrency alternate, Nobitex, and burned over $90 million in cryptocurrency by sending digital property to invalid wallets.
Cybersecurity firm Outpost24 mentioned the attackers presumably had “entry to inner documentation that detailed the internal workings of the alternate and presumably even authentication credentials” to tug off the heist, or that it was a case of a rogue insider who labored with the group.
“This was not a financially motivated heist however a strategic, ideological, and psychological operation,” safety researcher Lidia López Sanz mentioned. “By destroying somewhat than exfiltrating funds, the menace actor emphasised its targets: dismantling public belief in regime-linked establishments and signaling its technical superiority.”
Subsequently, on June 18, Iran’s state broadcaster IRIB’s (quick for Islamic Republic of Iran Broadcasting) tv stream was hijacked to show pro-Israeli and anti-Iranian authorities imagery. IRIB claimed Israel was behind the incident.
 |
| Picture Supply: Cyberknow |
Israel, for its half, has additionally develop into a goal of pro-Palestine hacking teams just like the Handala crew, which has listed a number of Israeli organizations on its knowledge leak web site beginning June 14, 2025. These included Delek Group, Y.G. New Idan, and AeroDreams.
One other pattern noticed within the cyber warfare between Iran and Israel is the approaching collectively of smaller hacktivist teams to kind umbrella entities just like the Cyber Islamic Resistance or United Cyber Entrance for Palestine and Iran.
“These loosely affiliated ‘cyber unions’ share assets and synchronize campaigns, amplifying their impression regardless of restricted technical sophistication,” Trustwave SpiderLabs mentioned in a report revealed final week.
The corporate additionally singled out one other pro-Iranian group named DieNet that, regardless of its pro-Iranian and pro-Hamas stance, is believed to incorporate Russian-speaking members and connections to different cyber communities in Jap Europe.
“What distinguishes DieNet from many different pro-Iranian actors is its hybrid id,” it famous. “Linguistic evaluation of DieNet’s messages, in addition to timestamps, metadata, and interplay sample, means that no less than a part of the group communicates internally in Russian or makes use of Slavic-language assets.”
“This factors to the broader phenomenon of cross-regional cyber collaboration, the place ideological alignment overrides geographic or nationwide boundaries.”
Group-IB, in an evaluation of Telegram-based hacktivist exercise following June 13, mentioned DieNet was probably the most referenced channel, quoted 79 occasions in the course of the time interval. In all, greater than 5,800 messages have been recorded throughout varied hacktivist channels between June 13 and 20.
The deployment of cyber capabilities within the context of the Iran-Israel conflict, in addition to different current geopolitical occasions surrounding Hamas–Israel and Russia-Ukraine conflicts, demonstrates how digital operations are more and more being built-in to complement kinetic actions, affect public notion, and disrupt crucial infrastructure, Trustwave added.
