The Fédération Internationale de Football Association (FIFA), the sport’s global governing body uses the official domain: www.fifa.com. Threat analysts have recently identified several domain squatting efforts using the following registered domains:
- fifa.com.co
- fifa-rules.25u.com
- fifaregionalprojects.org
- fifa2015fifa.publicvm.com
The domain fifa-rules.25u.com has been previously identified as being associated with the Turla Advanced Persistent Threat reported on by the researchers at Kaspersky.
A Chinese-registered LLC known as TwoStooges LLC is the threat actor that is the subject of a legal ruling at the National Arbitration Forum. This is the same threat actor that is responsible for the registration of the fifa.com.co domain squatter.
A Nigerian scam artist by the name of Modestus Chukwuezi using the email address of mod5ino6@gmail.com is the party responsible for registering fifaregionalprojects.org
Most pernicious of all is the backdoor that is hard-coded into fifa2015fifa.publicvm.com identified by 25 of 56 anti-virus research firms to be malicious ( VirusTotal SHA256 detail ).
Researchers at the Sports-ISAO urge sports fans to avoid going to these sites. IT professionals protecting the networks of soccer teams should blacklist the aformentioned domains.
You must be logged in to post a comment Login