A threat actor claims to have breached the internal network of Riyadh Airports (RAC) in Saudi Arabia, gaining unauthorized access to critical management systems. To substantiate the breach, the actor released video footage and screenshots demonstrating the ability to navigate the airport’s “Control Panel” interface in real time.
The compromised system appears to be a web-based infrastructure management platform used for monitoring terminal operations, baggage handling systems, and security checkpoints. The video evidence shows the actor interacting with live dashboards, toggling between Terminal 3 and Terminal 4 views, and accessing sensitive configuration settings.
The exposure reveals detailed operational and technical data regarding the airport’s infrastructure. Based on the video and leaked images, the compromised information includes:
-
Live Infrastructure Status: Real-time monitoring of “Exit Gates” (1, 2, 3), “Baggage Carousels,” and “Tagging Stations” across multiple terminals.
-
3D Terminal Schematics: Interactive, rotatable 3D maps displaying the physical layout of Terminal 3 (RUH-T3) and Terminal 4 (RUH-T4), including arrival and service levels.
-
Passenger & Baggage Logs: Searchable “Tag Reports” containing specific “Tag IDs,” timestamps, and processing status (e.g., “Passed Exit Gate,” “Reject”).
-
Airline Data: Flight and baggage records associated with major carriers including Flynas, Middle East Airlines (MEA), Qatar Airways, and Turkish Airlines.
-
Network Configurations: Technical details such as internal IP addresses (192.168.100.x range), device ports (5084), and hardware controller IDs.
-
User & Role Management: Visibility into the “Manage Roles” section, exposing administrator and supervisor account structures.












