🟠 High  |  Source: The Register — Security


Attackers apparently motivated by World Cup rivalry may have gained unauthorised access to the Argentine Football Association (AFA) using credentials stolen by an infostealer malware infection approximately a year prior. This highlights how dormant credential theft can be weaponised long after the initial compromise, with stolen session tokens or passwords sitting in criminal marketplaces until a motivated buyer acts. The incident underscores the persistent, slow-burn risk posed by infostealer infections even when the initial breach goes undetected.

Security Architect’s Take: Audit your organisation’s exposure to infostealer-harvested credentials by subscribing to a threat intelligence feed or dark web monitoring service — assume any credentials from an infected device are permanently compromised and enforce immediate rotation plus MFA on all privileged accounts. Implement continuous session token validation and anomaly-based detection to catch replayed stolen tokens before attackers can establish persistence.

Original advisory: World Cup grudge attackers may have scored Argentine FA access via year-old infostealer infection