Thousands of personal records that are allegedly linked to athletes and visitors to the Saudi Games were published on the Internet by the Praisian Khactivist group called Cyber Fattah.
Cybersecurity company said the violation was announced on Telegram on June 22, 2025 in the form of a SQL database, characterizing it as an information operation “conducted by Iran and its trusted persons.”
“Actors have received unauthorized access to PHPMYADMIN (Backend) and explicit records,” renewable security – Note. “This is an example of Iran, which uses data violations within a major anti-American, anti-Israel and anti-Saudi propaganda activity in cyberspace, focusing on major sports and social events.”
Believed that data is probably Dark formThe cybercrime forum, which caught the attention after repeated grips of violations. The information was published by a forum user called Zerodayx, a vodka profile that was probably created to promote this violation.
Subburnt data include IT -peers accounting; state official e -mail addresses; information of athletes and visitors; Passports and IDs; bank statements; medical forms; and scanned copies of sensitive documents.
“Cyber -fat activity coincides with the broader tendency of hattivism in the Middle East, where groups often participate in cyber -will as a form of activity,” said the respect.
The leak is unfolding against the background Throwing tensions Between Iran and Israel, with as many as 119 hactivist groups claiming that they had carried out cyber -napades either made declarations to match or act against the two countries, for Cyber.
Cyber Fattah, who calls itself “Iranian Cyber -Command”, has a history of targeting Israeli and Western web -resources and government agencies.
As you know, it also cooperates with other threats operating in the region, for example, 313 teams that have claimed a common attack for the Social Media Platform Social Platform for US airfields at Iran’s nuclear facilities.
“This Cyber Fattah incident may indicate an interesting transition from the harmful activity of Israel, to wider attention to anti-Zash and anti-Saudi,” the reboot said.
Last week, the pro -Israeli group, known as a predatory sparrow (aka Adalat Ali, Gongeshka Darananda, Indra or Meteoroxpress), claimed that the data received from the Iran’s Ministry of Communications. Typically, this is too crackling The largest exchange of cryptocurrencies in Iran, Nobitex, and burned more than $ 90 million in cryptocurrency, sending digital assets to invalid wallets.
The Outpost24 cybersecurity campaign said the attackers may have had “access to internal documentation, which in detail about internal work of exchange and perhaps even authentication accounts” to remove the robbery or that it was an insider that worked with the group.
“It was not a financially motivated theft, but a strategic, ideological and psychological operation,” Lydia Lopez Sanz Sanz Sanz Researcher Lydia Lopez – Note. “Destroying, not allocating the funds, the threatening actor emphasized his goals: the dismantling of public confidence in the regime -related institutions, and signaled its technical advantage.”
Subsequently, on June 18, Iran’s television stream (short for Islamic Republic of Iran) was abducted to show pro -Israel and anti -Iranian government images. Irib claimed that Israel was behind the incident.
 |
| Image Source: Cyberknow |
Israel, on its part, has also been the goal of hacking Pro-palestine as Left commandlisted Several Israeli organizations On its site leakage databases, starting on June 14, 2025. They consisted of Delek Group, Yg New Idan and Aerodreams.
Another tendency observed in cyber -worm between Iran and Israel is the union of smaller hutors for umbrella formation, such as cyber -Islamic resistance or united cyber -Front for Palestine and Iran.
“These fluid -related cyber are shared resources and synchronize companies, enhancing their influence despite limited technical sophistication,” “Trustwave Spiderlabs” – Note In a report published last week.
The company also nominated another pro -Iranian group named Eat It is assumed that, despite the Praisn and Gommodnaya position, Russian members and communication with other Eastern European cyber communities include.
“What distinguishes Dienet from many other pro-Iri-actors is his hybrid identity,” the report said. “Linguistic analysis of Dienet messages, as well as temporary tags, metadata and a model of interaction, suggests that at least part of the group reports internally in Russian or uses Slavic resources.”
“This indicates a broader phenomenon of inter-regional cyber-creativity, where ideological alignment abolishes geographical or national boundaries.”
Group-IB, in analysis After June 13, after June 13, based on the telegram, Donets said the most reference that was cited 79 times during the period of time. Overall, more than 5800 messages were recorded through different Khactivist channels between June 13 and 20.
Deployment Cyber is the ability In the context of the Iran-Israel war, as well as other recent geopolitical events concerning Hamas-Israel and Russia-Ukraine, they demonstrate how digital operations are increasingly integrating kinetic actions, affect the perception of the public and violation of critical infrastructure.
