The Argentine Football Association (AFA) breach was highly likely triggered by an infostealer infection on a developer’s machine that had administrative access to internal systems. Stolen credentials later enabled database theft, leaked internal records, and malicious emails sent from legitimate AFA domains. #ArgentineFootballAssociation #AFA #Infostealer
Keypoints
- The AFA cyberattack likely began with an infostealer infection on a developer’s computer.
- Stolen credentials provided direct access to phpMyAdmin and other internal AFA systems.
- Attackers likely exfiltrated sensitive database records, including staff and partner data.
- Compromised access to afasistemas.com.ar was used to send malicious emails from legitimate AFA servers.
- The incident shows how dormant stolen credentials can lead to major operational and reputational damage.