Cyber Fattah Breach: Pro-Iranian Hackers Leak Saudi Games Athlete Data in Targeted Info Op

In a bold escalation of cyber-enabled information warfare, pro-Iranian hacking group Cyber Fattah has claimed responsibility for leaking thousands of sensitive records belonging to participants of the Saudi Games—a premier sports competition in the Kingdom of Saudi Arabia. The breach, revealed on June 22, 2025, included data dumps containing PII, bank information, passport scans, and medical documents of athletes, visitors, and officials.

According to Resecurity, this act was not just cybercrime but a politically charged information operation (IO) aimed at undermining Saudi Arabia’s regional influence and image ahead of global sporting ambitions.

Cyber Fattah announced the leak at 6:27 PM PST via their official Telegram channel, shortly after DDoS attacks on Truth Social, in retaliation for U.S. airstrikes on Iranian nuclear sites.

The attackers:

• Exploited phpMyAdmin to access backend databases
• Exfiltrated SQL files containing thousands of personal records
• Used a burner profile (‘ZeroDayX’) to distribute data on Dark Forums

“The actor known by the moniker ‘ZeroDayX’ used a recently created burner profile to distribute the stolen data across the Dark Web,” the report disclosures.

The breach reveals a wide scope of exposure, including:

• Names, emails, and phone numbers of athletes and visitors
• Passport and ID scans
• Bank records and IBAN certificates
• Medical examination forms
• Credentials belonging to IT staff and government officials

“The most concerning issue is the insecure storage of personal documents in the form of scans… targeted by threat actors.”

This information was submitted by participants and officials through the Saudi Games’ registration portal, making the database a prime target for espionage and blackmail.

Resecurity’s assessment points to Iran and its cyber proxies leveraging the breach as a part of a broader anti-Saudi, anti-US, and anti-Israel narrative.

“This is an example of Iran using data breaches as part of a larger anti-US, anti-Israel, and anti-Saudi propaganda activity in cyberspace.”

Amplification came from affiliated actors:

• Hezbollah and Hamas-linked media
• Telegram channels associated with the “Holy League”
• Hacktivist collectives like 313 Team, Cyber Islamic Resistance, and LulzSec Black

These groups have previously conducted operations targeting Israeli solar firms, U.S. digital infrastructure, and now, major Saudi events.

Cyber Fattah’s target selection was calculated. The Saudi Games is not merely a national sporting event; it is a key pillar of Saudi Vision 2030, intended to elevate the Kingdom’s global standing in sports.

“The Saudi Games is the largest national sporting event… featuring more than 53 sports, with over 6,000 athletes participating.”

By breaching such a symbolic event, threat actors aimed to:

• Damage the Kingdom’s reputation on the global stage
• Undermine upcoming mega-events like the Esports World Cup 2025, Gulf Cup 2026, and the 2036 Olympic bid
• Erode public trust in Saudi Arabia’s digital infrastructure

Related Posts:

• An oil factory in Saudi Arabia was damaged by malicious software
• DragonForce Ransomware Group Targets Saudi Arabia with Large-Scale Data Breach
• PipeMagic Trojan Exploits Fake ChatGPT App to Target Saudi Arabian Organizations