Chinese Origin Threat Actors Target FIFA World Cup 2026
ID: ffeed58b-cdad-5c95-b03d-1b19366d10e8
STIX ID: report--ffeed58b-cdad-5c95-b03d-1b19366d10e8
Feed Name: CloudSEK Blog
CloudSEK's TRIAD discovered a large, active multi‑tenant phishing operation impersonating FIFA World Cup 2026 ticketing that combines typosquatted frontend clones, a Chinese‑language admin/payment backend (tbpay.uk), and tawk.to live chat to perform real‑time card skimming and OTP interception (enabling SMS 2FA bypass and account takeover). The report provides technical evidence (exposed PHP debug variables, database name fifa_ming, session logs), a list of IOCs (domains, IPs, tawk.to property ID), operator activity timestamps, and tailored recommendations for banks and consumers.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
