Cybersecurity Scams Targeting Fans and Teams at the 2025 Belgian Grand Prix

The 2025 Belgian Grand Prix is a prime target for cyberattacks and scams involving phishing, fake tickets, and counterfeit merchandise, affecting both fans and Formula 1 teams. High-profile incidents have demonstrated risks such as ransomware attacks and cyber espionage on teams like Ferrari and Mercedes-AMG Petronas. #RansomEXX #Ferrari #BelgianGrandPrix2025

Keypoints

  • F1 teams collect sensitive telemetry and design data, making them targets for cyberattacks aiming to steal intellectual property and disrupt operations.
  • Notable cyber incidents include ransomware attacks against Ferrari in 2023 and cyber intrusion attempts on McLaren, Mercedes-AMG Petronas, and Red Bull Racing between 2019 and 2020.
  • Fans are targeted by phishing emails, fake ticket scams, social media giveaway frauds, dodgy streaming services, and counterfeit merchandise scams around the 2025 Belgian Grand Prix.
  • Threat actors registered numerous fake domains impersonating official Grand Prix and Formula 1 websites to conduct phishing and malware distribution activities.
  • F1 teams face sophisticated threats such as cyber espionage, ransomware, and network breaches that can impact race strategies and communications.
  • Recommended fan protections include verifying ticket sources, enabling two-factor authentication, avoiding suspicious giveaways, and using secure streaming platforms.
  • Teams should implement employee cybersecurity training, network segmentation, vulnerability scanning, third-party audits, and incident response plans to strengthen defenses.

MITRE Techniques

  • [T1566] Phishing – Used to target fans with fraudulent emails impersonating Grand Prix organizers to steal personal information or payments (“threat actors infiltrated the Belgian Grand Prix’s official contact email, sending fraudulent emails to fans”).
  • [T1588] Obtain Capabilities – Cybercriminals registered fake domains mimicking official sites to conduct phishing and distribute malware (“fake domains are used for phishing attacks, collecting personal and payment information”).
  • [T1486] Data Encrypted for Impact – Ransomware attacks on teams such as Ferrari, where the RansomEXX group stole internal documents and demanded payment (“Ferrari faced a ransomware group, RansomEXX”).
  • [T1071] Application Layer Protocol – Fake streaming services mimicked legitimate platforms like F1 TV to steal login credentials or install malware (“cybercriminals offer fake streaming services that deliver malware or steal login credentials”).

Indicators of Compromise

  • [Domain Names] Newly registered domains impersonating official F1 or Belgian Grand Prix sites – CHEERGRANDPRIX.COM, F1GRANDPRIXNEWS.COM, FORMULAGRANDPRIX.COM, and 12 more domains.
  • [Email Account] Official Belgian Grand Prix contact email was hacked in 2024 and used for phishing campaigns targeting fans.
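
The listed domains share one pattern: a brand term embedded in an otherwise unrelated name. The following added example (not from the original report) screens a newly-registered-domain feed for that pattern; the allowlist entry, the digit-swap table, and the `.example` domains are assumptions constructed for illustration.

```python
import re

# Brand terms drawn from the impersonating domains listed above.
# Short terms such as "f1" are noisy; treat hits as triage leads, not verdicts.
BRAND_TERMS = ("grandprix", "formula1", "formula", "f1")

# Assumption: replace with the domains your organisation actually owns.
ALLOWLIST = {"formula1.com"}

# Digit-for-letter swaps; "1" is tried as both "i" and "l".
SWAPS = [str.maketrans("01345", "oieas"), str.maketrans("01345", "oleas")]


def brand_hits(domain):
    """Return brand terms embedded in a domain; [] if clean or allowlisted."""
    d = domain.strip().lower().rstrip(".")
    if any(d == a or d.endswith("." + a) for a in ALLOWLIST):
        return []
    labels = d.split(".")
    # Naive registrable label (no public-suffix list): the one left of the TLD.
    label = labels[-2] if len(labels) > 1 else labels[0]
    squashed = re.sub(r"[^a-z0-9]", "", label)  # drop hyphens and other separators
    variants = {squashed} | {squashed.translate(t) for t in SWAPS}
    return [t for t in BRAND_TERMS if any(t in v for v in variants)]


def screen(feed):
    """Map each suspicious domain in a feed to the brand terms it matched."""
    return {d: hits for d in feed if (hits := brand_hits(d))}


# First three entries are the domains named on this page; the rest are constructed.
SAMPLE_FEED = [
    "CHEERGRANDPRIX.COM",
    "F1GRANDPRIXNEWS.COM",
    "FORMULAGRANDPRIX.COM",
    "spa-grandpr1x-tickets.example",  # constructed: hyphens plus digit swap
    "tickets.formula1.com",           # allowlisted parent domain
    "weather-report.example",         # constructed: unrelated
]

if __name__ == "__main__":
    for domain, hits in screen(SAMPLE_FEED).items():
        print(f"{domain}: {', '.join(hits)}")
```

Substring matching on the registrable label will miss homoglyph (IDN) lookalikes and will over-match on short terms, so pair it with registration-date and allowlist context before acting on a hit.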


Read more: https://www.cloudsek.com/blog/cybersecurity-scams-targeting-fans-and-teams-at-the-2025-belgian-grand-prix