Cyber Incident Victim: Circuit de Spa-Francorchamps
Date: Mar 2024
Location: Belgium
Summary
The website for the Spa-Francorchamps Grand Prix experienced unauthorized access resulting in the theft of email addresses. Attackers subsequently distributed fraudulent emails impersonating the organization, offering a counterfeit 50-euro voucher redeemable via a malicious link that directed recipients to a phishing page soliciting banking and credit card information. The entity's leadership publicly cautioned users against disclosing sensitive financial details through such communications, confirming they would never request such data via email. The incident combined data exfiltration with a financial fraud attempt leveraging stolen contact information.
Description
On or around March 1, 2024, the official website of the Spa-Francorchamps Grand Prix experienced a cybersecurity breach involving unauthorized access to its systems. Attackers compromised the site and exfiltrated an undisclosed number of user email addresses. Following the data theft, the perpetrators initiated a phishing campaign by sending fraudulent emails to the stolen addresses. These messages contained offers for a counterfeit 50-euro voucher, falsely claiming recipients could redeem it on the Grand Prix website. The emails included malicious links directing users to a phishing page designed to mimic legitimate services.

Some recipients interacted with the links, leading them to web forms requesting sensitive financial information, including bank and credit card details. Spa Grand Prix General Director Vanessa Maes publicly addressed the incident, confirming the website compromise and subsequent phishing operation. She explicitly warned users against providing payment or personal data in response to these emails, emphasizing that the organization never solicits such sensitive information via email. The incident exposed users to potential financial fraud risks, though the full scope of compromised accounts or financial losses remained unquantified in initial reports. The available sources disclosed no additional technical details regarding the breach methodology, containment measures, or system restoration.
