Dragonfly
Dragonfly is a cyber espionage group that has been attributed to Russia's Federal Security Service (FSB) Center 16. Active since at least 2010, Dragonfly has targeted defense and aviation companies, government entities, companies related to industrial control systems, and critical infrastructure sectors worldwide through supply chain, spearphishing, and drive-by compromise attacks.
Attribution signal
?Score = mentions × confidence weight, summed across all attributed sources. Higher source diversity increases the score.≥ 10 High≥ 3 Moderate< 3 LowAttribution signals
6 mentions · 1 source"Infrastructure analysis found shared SSL certificates and Meta Pixel tracking IDs embedded identically across all 300-plus domains, tying the entire network to the same Facebook advertising accounts."
"The group behind it, which Group-IB designated GHOST STADIUM and first observed in November 2025, is one of four independent threat actors the firm identified targeting the tournament."
"Chinese-language comments were found embedded throughout the source code, said Group-IB."
"GHOST STADIUM uses a phishing kit developed with Layui 2.7.6m, a Chinese open-source UI library that Group-IB said was 'virtually unknown outside the Chinese developer community.'"
"Researchers uncovered GHOST STADIUM, a fraud network cloning FIFA-related websites across more than 300 active domains ahead of the 2026 World Cup."
Hedge terms observed