Category:
Adversary Intelligence |
Industry:
Entertainment |
Motivation:
Ambiguous |
Country:
Qatar |
Source*:
F6 |
Executive Summary
THREAT |
IMPACT |
MITIGATION |
- Hayya Cards are issued to match goers at the World Cup held in Qatar to avail multiple facilities
- A threat actor has shared an unverified tutorial on how the registration process of Hayya Cards could be misused using fraudulent information.
|
- Individuals without authorized FIFA match tickets can abuse the Hayaa Card to obtain the benefits associated with it.
- Bruteforcing attempts to input invalid ticket numbers enabling card registration
|
- Stringent verification practices to prevent match ticket number bruteforcing from the same IP/browser during the registration process.
- Monitor cybercrime forums for the latest tactics employed by threat actors.
|
Analysis and Attribution
Information from the Post
- CloudSEK’s contextual AI digital risk platform XVigil has spotted an advertisement where a short tutorial is provided on how the Hayya Card registration facility could be misused by threat actors to create multiple copies of the card.
- These cards are exclusively meant for International fans visiting Qatar for the World Cup.
- A Hayya Card can assist the World Cup match goers, in the following ways:-
- Entry permit to Qatar
- Stadium Access
- Free Metro Access
- Free Bus Access
- Access to Fan Events
- Access to Discounts
- Free SIM Card
[caption id="attachment_22004" align="alignnone" width="1313"]

Threat actor’s post on the forum - with instructions on how the Hayaa registration process can be misused[/caption]
- The Hayya Card is a facility for all International citizens visiting Qatar on the onset of the upcoming World Cup. The card is designed to make the overall experience smooth by enabling it’s registration on the domain - https[:]//hayya[.]qatar2022[.]qa/
- This tutorial was posted to the ‘Doxxing Tutorials’ section of the English speaking cybercrime forum where the contents of the post is revealed to those who comment on it.
Registration Process of the Hayya Card
- The official YouTube channel for the FIFA World Cup Qatar goes under the name of ‘Qatar2022’ - with 305K subscribers. The channel has posted two video demonstrations on how an international fan visiting Qatar, for the World Cup can register for the Hayaa Card on the portal - https[:]//hayya[.]qatar2022[.]qa/
- The card registrant should enter the following PII details, in order to avail the card:-
- Match Ticket type
- Ticket Application Number
- Passport Copy
- Date of Birth
- Contact Information
- Address details
Misusing the Ticket number to issue multiple digital Hayaa Cards
- According to the threat actor, the match ticket number follows a notation of having it's first 3 digits as 300 followed by 4 random digits. This claim can be assessed with low confidence.
- By spamming numbers in the mentioned format, there is a risk of multiple Hayaa cards being generated in a fraudulent manner.
Threat Actor Activity and Rating
Threat Actor Profiling |
Active since |
October 2022 |
Reputation |
Low (Multiple complaints and concerns on the forum) |
Current Status |
Active |
History |
- First recorded activity on the forum
- The actor can be contacted via Telegram
|
Rating |
F6 (F: Reliability Unknown; 6: Difficult to Say) |
References