In 2018, the APT-C-23 organization carried out cyber-attacks by disguising attack samples as World Cup live streaming apps, and this year the 360 Beacon Labs also found attack samples disguised as World Cup-related apps to launch attacks against Arabic users, and as of now (December 9, 2022). It was discovered that more than 1,000 devices have been infected, mainly in Israel and Palestine.

According to the attackers' claims, they launched attacks against more than 6,000 users in the world using their false apps. The APT-C-23 has on multiple occasions targeted people and organizations within both Palestine and Israel. Attackers targeted several enterprises within Palestine, such as some banks and government bodies, including Palestinian security agencies.

The attackers also targeted Israeli government institutions in Jerusalem along with organizations in other parts of Israel: restaurants, coffee shops and tech companies. Within Israel itself, there are reports of attacks on military bases.

In addition to targeting Palestinian organizations, APT-C-23 also targeted a number of Israeli organizations, including, amongst other things, the Israel Ministry of Defense and Ministry of Foreign Affairs. While this is not in itself unusual for cyber-attack campaigns, as APT-C-23 has been suspected of conducting attacks against Israel in the past, the fact that this coincided with a large-scale event such as the World Cup is curious.

The attackers have also targeted several Arab countries: Afghanistan, Algeria, Bahrain, Jordan, Lebanon and Sudan.

‍

Source: Attacks in the Palestinian-Israeli region surrounding the World Cup in Qatar - AlienVault - Open Threat Exchange