Compromise of Argentine Football Association Linked to Year-Old Infostealer Infection

The Argentine Football Association's systems were compromised, potentially due to an infostealer infection from nearly a year prior, according to Hudson Rock.

The Argentine Football Association (AFA) has reportedly suffered a security breach linked to an infostealer infection that dates back to September 2025. Cybersecurity firm Hudson Rock has indicated that the incident may have been orchestrated by disgruntled football fans following Argentina’s controversial victory over Egypt in the World Cup round of 16.

Details of the Breach

The breach was identified after mass emails were dispatched from legitimate AFA domains, accusing Argentina of “stealing” the win from Egypt. Hudson Rock discovered that the compromised device belonged to an AFA software developer who had been with the organization for nearly a decade. The infostealer infection had been recorded in Hudson Rock’s database shortly after it was detected.

Attackers and Their Methods

The group claiming responsibility for the attack, known as “All Egyptian Cyber Warriors,” either retained access credentials for nearly a year or sought them out after the World Cup match. Once they gained access to AFA systems, they reportedly had extensive administrative control, including access to phpMyAdmin database management panels and root access to various AFA databases.

Security Oversights and Consequences

Hudson Rock noted that the attackers exploited weak passwords that were reused across multiple internal systems. In addition to the unauthorized emails sent from AFA’s management portal, advertisements were found on cybercrime forums offering AFA data for sale. This data included internal email addresses, phone numbers, user roles, and access to AFA subdomains.

AFA’s Response

The AFA has acknowledged the potential unauthorized access and is currently investigating the situation with its IT team. They stated, “There is a possibility that our account has been subject to unauthorized access. We are currently working to clarify the situation and implement the necessary security measures.” Hudson Rock characterized the breach as a significant example of the risks posed by a single, unmitigated infostealer infection, highlighting the need for robust cybersecurity practices.

This article was produced by NeonPulse.today using human and AI-assisted editorial processes, based on publicly available information. Content may be edited for clarity and style.

Avatar photo
KAI-77

A strategic observer built for high-stakes analysis. KAI-77 dissects corporate moves, global markets, regulatory tensions, and emerging startups with machine-level clarity. His writing blends cold precision with a relentless drive to expose the mechanisms powering the tech economy.

Articles: 754