{"id":289049,"date":"2026-07-13T08:02:00","date_gmt":"2026-07-13T12:02:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/07\/13\/world-cup-grudge-attackers-may-have-scored-argentine-fa-access-via-year-old-infostealer-infection\/"},"modified":"2026-07-13T14:55:09","modified_gmt":"2026-07-13T18:55:09","slug":"world-cup-grudge-attackers-may-have-scored-argentine-fa-access-via-year-old-infostealer-infection","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/07\/13\/world-cup-grudge-attackers-may-have-scored-argentine-fa-access-via-year-old-infostealer-infection\/","title":{"rendered":"World Cup grudge attackers may have scored Argentine FA access via year-old infostealer infection"},"content":{"rendered":"<p><a href=\"https:\/\/www.theregister.com\/security\/2026\/07\/13\/world-cup-grudge-attackers-may-have-scored-argentine-fa-access-via-year-old-infostealer-infection\/5270302\">World Cup grudge attackers may have scored Argentine FA access via year-old infostealer infection<\/a><\/p>\n<p><a href=\"https:\/\/www.theregister.com\/security\/2026\/07\/13\/world-cup-grudge-attackers-may-have-scored-argentine-fa-access-via-year-old-infostealer-infection\/5270302\">https:\/\/www.theregister.com\/security\/2026\/07\/13\/world-cup-grudge-attackers-may-have-scored-argentine-fa-access-via-year-old-infostealer-infection\/5270302<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-07-13 08:02:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.theregister.com\">www.theregister.com<\/a><\/p>\n<p class=\"kicker \" style=\"\">Security<\/p>\n<p class=\"subtitle \" style=\"\">Footie fans? Overreacting? There&#8217;s a first time for everything<\/p>\n<p>Cybersecurity shop Hudson Rock says the suspected compromise of the Argentine Football Association (AFA) may be linked to an infostealer infection nearly a year earlier.<\/p>\n<p>The incident appears to be the work of an aggrieved football fan, or group of them, after Argentina eliminated Egypt from the World Cup round of 16.<\/p>\n<p>Egypt&#8217;s coach and football association complained about several refereeing and VAR decisions, which they said contributed to the result.<\/p>\n<p>The compromise of AFA&#8217;s systems was spotted after mass emails were sent from legitimate domains stating that Argentina &#8220;stole&#8221; the win from Egypt and that &#8220;the robbery will not go unnoticed.&#8221;<\/p>\n<p>Hudson Rock said it found evidence of an infostealer infection dating back to September 8, 2025, on a device belonging to an AFA software developer who had been employed at the governing body for nearly a decade.<\/p>\n<p>The security shop operates a database of known infostealer victims, and noted that the compromised machine was added to its database the following day.<\/p>\n<p>Whoever was behind the attack, which was claimed by &#8220;All Egyptian Cyber Warriors,&#8221; they either sat on the credentials for nearly a year, or sought them out after Egypt were controversially eliminated from the World Cup.<\/p>\n<p>Once they procured the credentials and authenticated themselves into the AFA&#8217;s systems, Hudson Rock said they &#8220;likely had profound administrative control.&#8221;<\/p>\n<p>This would have included direct access to phpMyAdmin database management panels, root access to certain AFA databases, access to the management portal of AFA&#8217;s training HQ, the AFA media portal, and its competition management system.<\/p>\n<p>After looking at the stolen credentials in their database, the researchers said that weak, easily guessable passwords were reused across several internal systems.<\/p>\n<p>In addition to the compromised emails sent from AFA&#8217;s management and&#8230;<\/p>\n<p><a href=\"https:\/\/www.theregister.com\/security\/2026\/07\/13\/world-cup-grudge-attackers-may-have-scored-argentine-fa-access-via-year-old-infostealer-infection\/5270302\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>World Cup grudge attackers may have scored Argentine FA access via year-old infostealer infection https:\/\/www.theregister.com\/security\/2026\/07\/13\/world-cup-grudge-attackers-may-have-scored-argentine-fa-access-via-year-old-infostealer-infection\/5270302&#8230;<\/p>\n","protected":false},"author":1,"featured_media":289050,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/image.theregister.com\/5270414.jpg?imageId=5270414&x=0&y=0&cropw=100&croph=100&panox=0&panoy=0&panow=100&panoh=100&width=1200&height=683","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,36],"class_list":["post-289049","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-infostealer"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/289049"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=289049"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/289049\/revisions"}],"predecessor-version":[{"id":289051,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/289049\/revisions\/289051"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/289050"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=289049"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=289049"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=289049"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}