Top European football club, FC Barcelona had its official website used by scammers in a sophisticated third-party fraud campaign.
The threat actors used the website of the Catalonian club to increase traffic to a likely fraudulent iGaming website.
A suspicious-looking link leading to the website of Barca was discovered recently which led to an online gambling portal most likely meant for the Indonesian market.
However, the NS records of the subdomain under investigation were housed on Google Cloud DNS whereas the official website was hosted on Amazon Web Services (AWS).
TPRM report: https://scoringcyber.rankiteo.com/company/fc-barcelona
"id": "fcb2150301122",
"linkid": "fc-barcelona",
"type": "Ransomware",
"date": "11/2022",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'Sports',
'location': 'Catalonia, Spain',
'name': 'FC Barcelona',
'type': 'Sports Club'}],
'attack_vector': 'Third-Party Website Exploitation',
'description': 'Top European football club, FC Barcelona had its official '
'website used by scammers in a sophisticated third-party fraud '
'campaign. The threat actors used the website of the '
'Catalonian club to increase traffic to a likely fraudulent '
'iGaming website. A suspicious-looking link leading to the '
'website of Barca was discovered recently which led to an '
'online gambling portal most likely meant for the Indonesian '
'market. However, the NS records of the subdomain under '
'investigation were housed on Google Cloud DNS whereas the '
'official website was hosted on Amazon Web Services (AWS).',
'impact': {'systems_affected': ['Official Website']},
'initial_access_broker': {'entry_point': 'Official Website'},
'motivation': 'Financial Gain',
'title': 'FC Barcelona Website Used in Third-Party Fraud Campaign',
'type': 'Fraud'}