Cyber Fattah Exposes Data from Saudi Games in Suspected Iranian Operation

Thousands of personal records linked to athletes and attendees of the Saudi Games have been compromised due to a cyber-attack attributed to the pro-Iranian hacktivist group known as Cyber Fattah.

The breach was disclosed on June 22, 2025, when the group released SQL dump files obtained through unauthorized access to phpMyAdmin systems. This incident marks an alarming trend of politically motivated cyber-attacks targeting significant regional events.

The leaked data encompasses scans of passports and identification cards, medical certificates, International Bank Account Numbers (IBANs), along with credentials of IT staff and government officials. Insights from Resecurity suggest that this breach aligns with a broader information operation driven by Iranian entities aimed at promoting anti-US, anti-Israel, and anti-Saudi narratives across cyberspace.

What distinguishes this incident is its strategic timing and geopolitical context. The announcement of the leak coincided with distributed denial-of-service (DDoS) attacks on Truth Social, following recent U.S. airstrikes targeting Iranian nuclear sites. Analysts interpret the data leak as a calculated escalation in a coordinated campaign employing cyber tactics to undermine regional stability.

The compromised data is believed to have originated from the registration platform for the Saudi Games 2024, which manages sensitive information submitted by over 6,000 athletes participating in 53 sports. Cyber Fattah framed this cyber offensive as a form of retaliation against perceived regional adversaries, amplifying the narrative through associated channels, including propaganda networks linked to Hezbollah and pro-Iran factions.

The individual behind the leak, identified by the alias “ZeroDayX,” utilized a disposable profile for disclosing the data on the dark web. According to Resecurity, this method is frequently adopted by nation-state actors and their proxies to obscure direct attribution.

Targeting Sports for Strategic Gain

Major sporting events have increasingly emerged as primary targets for cyber-attacks, presenting opportunities for:

• Accessing vast personal and financial data
• Deploying ransomware
• Facilitating geopolitical messaging
• Exploiting vulnerabilities in connected infrastructure
• Gaining access to high-profile individuals and sponsors

The breach at the Saudi Games recalls previous cyber incidents against global events, emphasizing the pressing need for enhanced cyber resilience within the sports sector.

Saudi Arabia’s Cybersecurity Challenge

While the date for the 2025 Saudi Games remains unconfirmed, the Kingdom is gearing up to host significant events such as the Esports World Cup, the 2026 Gulf Cup, and potentially the 2036 Olympics. These forthcoming events underscore the vulnerability of the region to cyber actors seeking to disrupt or damage Saudi Arabia’s international reputation.

Resecurity has recommended that stakeholders implement digital identity protection (IDP) solutions and cyber-threat intelligence (CTI) platforms to monitor, identify, and respond to compromised credentials and sensitive information. These tools are integral for early detection of breaches, mitigation of third-party risks, and reinforcement of digital infrastructure against evolving threats.