Online, thousands of personal records purportedly connected to athletes and Saudi Games attendees have been made public. According to cybersecurity firm Resecurity, database dumps from the breach were made public on Telegram on June 22,
2025.
With up to 119 hacktivist groups claiming to have carried out cyberattacks or made declarations to align with or act against the two countries, the leak occurs against the backdrop of simmering tensions between Iran and Israel. The company stated, "This is an example of Iran using data breaches as part of a larger anti-U.S., anti-Israel, and anti-Saudi propaganda activity in cyberspace." Credentials for IT personnel, official government email addresses, information about athletes and visitors, passports and ID cards, bank statements, medical forms, and scanned copies of sensitive documents are among the data that was compromised. Whether the attackers had "access to internal documentation that detailed the inner workings of the exchange and possibly even authentication credentials" is unknown.
Group-IB identified DieNet as another pro-Iranian organization. DieNet is thought to have ties to other Eastern European online communities and members who speak Russian. Between June 13 and June 20, over 5,800 messages were recorded on various hacktivist channels.
Currently, there are an estimated 120 active hacktivist groups. This includes the pro-Hamas Bangladesh Cyber Squad and nine pro-Russian hacktivism groups that back Iran. According to Trustwave, the use of cyber capabilities in the context of the Iran-Israel war and other recent geopolitical events involving the conflicts between Russia and Ukraine and Hamas and Israel shows how digital operations are increasingly being integrated to support kinetic actions, sway public opinion, and interfere with vital infrastructure.
According to Trustwave, there are currently 95 pro-Iranian organizations in operation.