The Argentine Football Association (AFA) has reportedly suffered a security breach linked to an infostealer infection that dates back to September 2025. Cybersecurity firm Hudson Rock has indicated that the incident may have been orchestrated by disgruntled football fans following Argentina’s controversial victory over Egypt in the World Cup round of 16.
Details of the Breach
The breach was identified after mass emails were dispatched from legitimate AFA domains, accusing Argentina of “stealing” the win from Egypt. Hudson Rock discovered that the compromised device belonged to an AFA software developer who had been with the organization for nearly a decade. The infostealer infection had been recorded in Hudson Rock’s database shortly after it was detected.
Attackers and Their Methods
The group claiming responsibility for the attack, known as “All Egyptian Cyber Warriors,” either retained access credentials for nearly a year or sought them out after the World Cup match. Once they gained access to AFA systems, they reportedly had extensive administrative control, including access to phpMyAdmin database management panels and root access to various AFA databases.
Security Oversights and Consequences
Hudson Rock noted that the attackers exploited weak passwords that were reused across multiple internal systems. In addition to the unauthorized emails sent from AFA’s management portal, advertisements were found on cybercrime forums offering AFA data for sale. This data included internal email addresses, phone numbers, user roles, and access to AFA subdomains.
AFA’s Response
The AFA has acknowledged the potential unauthorized access and is currently investigating the situation with its IT team. They stated, “There is a possibility that our account has been subject to unauthorized access. We are currently working to clarify the situation and implement the necessary security measures.” Hudson Rock characterized the breach as a significant example of the risks posed by a single, unmitigated infostealer infection, highlighting the need for robust cybersecurity practices.
This article was produced by NeonPulse.today using human and AI-assisted editorial processes, based on publicly available information. Content may be edited for clarity and style.







