1000’s of private data allegedly linked to athletes and guests of the Saudi Video games have been revealed on-line by a pro-Iranian hacktivist group known as Cyber Fattah.
Cybersecurity firm Resecurity mentioned the breach was introduced on Telegram on June 22, 2025, within the type of SQL database dumps, characterizing it as an info operation “carried out by Iran and its proxies.”
“The actors gained unauthorized entry to phpMyAdmin (backend) and exfiltrated saved data,” Resecurity mentioned. “That is an instance of Iran utilizing data breaches as half of a bigger anti-U.S., anti-Israel, and anti-Saudi propaganda exercise in our on-line world, concentrating on main sports activities and social occasions.”
It is believed that the information is probably going pulled from the Saudi Video games 2024 official web site after which shared on DarkForums, a cybercrime discussion board that has gained consideration within the wake of BreachForums’ repeated takedowns. The data was revealed by a discussion board consumer named ZeroDayX, a burner profile that was possible created to advertise this breach.
The leaked knowledge contains IT workers credentials; authorities official e mail addresses; athletes’ and guests’ info; passports and ID playing cards; financial institution statements; medical kinds; and scanned copies of delicate paperwork.
“The actions of Cyber Fattah align with a broader development of hacktivism within the Center East, the place teams regularly interact in cyber warfare as a type of activism,” Resecurity mentioned.
The leak unfolds towards the backdrop of simmering tensions between Iran and Israel, with as many as 119 hacktivist teams claiming to have performed cyber assaults or have made declarations to align with or act towards the 2 nations, per Cyberknow.
Cyber Fattah, which calls itself an “Iranian cyber crew,” has a historical past of concentrating on Israeli and Western internet assets and authorities companies.
It is also recognized to collaborate with different menace actors energetic within the area, reminiscent of 313 Crew, which claimed duty for a distributed denial-of-service (DDoS) assault towards social media platform Fact Social in retaliation for U.S. airstrikes on Iran’s nuclear services.
“This incident by Cyber Fattah could point out an fascinating shift from Israel-centric malicious exercise towards a broader give attention to anti-U.S. and anti-Saudi messaging,” Resecurity mentioned.
Final week, a pro-Israel group often called Predatory Sparrow (aka Adalat Ali, Gonjeshke Darande, Indra, or MeteorExpress) claimed to have leaked knowledge obtained from the Iranian Ministry of Communications. Notably, it additionally hacked Iran’s largest cryptocurrency change, Nobitex, and burned over $90 million in cryptocurrency by sending digital property to invalid wallets.
Cybersecurity firm Outpost24 mentioned the attackers presumably had “entry to inside documentation that detailed the interior workings of the change and presumably even authentication credentials” to drag off the heist, or that it was a case of a rogue insider who labored with the group.
“This was not a financially motivated heist however a strategic, ideological, and psychological operation,” security researcher Lidia López Sanz mentioned. “By destroying fairly than exfiltrating funds, the menace actor emphasised its objectives: dismantling public belief in regime-linked establishments and signaling its technical superiority.”
Subsequently, on June 18, Iran’s state broadcaster IRIB’s (quick for Islamic Republic of Iran Broadcasting) tv stream was hijacked to show pro-Israeli and anti-Iranian authorities imagery. IRIB claimed Israel was behind the incident.
 |
| Picture Supply: Cyberknow |
Israel, for its half, has additionally develop into a goal of pro-Palestine hacking teams just like the Handala crew, which has listed a number of Israeli organizations on its knowledge leak website beginning June 14, 2025. These included Delek Group, Y.G. New Idan, and AeroDreams.
One other development noticed within the cyber warfare between Iran and Israel is the approaching collectively of smaller hacktivist teams to kind umbrella entities just like the Cyber Islamic Resistance or United Cyber Entrance for Palestine and Iran.
“These loosely affiliated ‘cyber unions’ share assets and synchronize campaigns, amplifying their impression regardless of restricted technical sophistication,” Trustwave SpiderLabs mentioned in a report revealed final week.
The corporate additionally singled out one other pro-Iranian group named DieNet that, regardless of its pro-Iranian and pro-Hamas stance, is believed to incorporate Russian-speaking members and connections to different cyber communities in Japanese Europe.
“What distinguishes DieNet from many different pro-Iranian actors is its hybrid id,” it famous. “Linguistic evaluation of DieNet’s messages, in addition to timestamps, metadata, and interplay sample, means that not less than a part of the group communicates internally in Russian or makes use of Slavic-language assets.”
“This factors to the broader phenomenon of cross-regional cyber collaboration, the place ideological alignment overrides geographic or nationwide boundaries.”
Group-IB, in an evaluation of Telegram-based hacktivist exercise following June 13, mentioned DieNet was probably the most referenced channel, quoted 79 occasions in the course of the time interval. In all, greater than 5,800 messages have been recorded throughout varied hacktivist channels between June 13 and 20.
The deployment of cyber capabilities within the context of the Iran-Israel warfare, in addition to different latest geopolitical occasions surrounding Hamas–Israel and Russia-Ukraine conflicts, demonstrates how digital operations are more and more being built-in to complement kinetic actions, affect public notion, and disrupt essential infrastructure, Trustwave added.
