A large-scale IPTV piracy network has been uncovered involving over 1,000 domains and 10,000 IP addresses. This illicit operation is orchestrated by entities including two companies, XuiOne and Tiyansoft, which profit from hosting and distributing pirated streaming content. The network infringes on the intellectual property rights of more than 20 major streaming brands such as Prime Video, Disney Plus, and Netflix. The piracy infrastructure is linked to the Stalker Portal project, a known IPTV middleware platform often exploited for unauthorized streaming services. An individual named Nabi Neamati, located in Herat, Afghanistan, is reportedly a key figure in the network's operations. The piracy ecosystem generates billions of dollars annually and exposes end users to significant risks including financial fraud and malware infections. The network's extensive footprint across thousands of IPs and domains demonstrates a highly organized and resilient cybercrime campaign. The identified domains (e.g., iptvadvice.com, jvtv.xyz, tiyansoft.com, xuione.com) serve as indicators of compromise and infrastructure components facilitating illegal streaming. While no direct software vulnerabilities or exploits are noted, the campaign represents a significant threat to digital content providers and consumers by undermining revenue streams and distributing potentially harmful software through pirated IPTV services.

For European organizations, particularly media companies and streaming service providers, this piracy network poses a multifaceted threat. The unauthorized distribution of copyrighted content leads to substantial revenue loss and damages brand reputation. Pirated IPTV services often bypass regional content licensing restrictions, undermining the European digital single market and complicating enforcement of intellectual property laws. Additionally, European consumers accessing these pirated services face increased risks of malware infections and financial fraud, which can lead to broader cybersecurity incidents affecting personal and corporate networks. The scale and sophistication of the network suggest potential for further exploitation, such as using compromised IPTV apps or infrastructure to deliver malware or conduct phishing campaigns targeting European users. Furthermore, the presence of infrastructure linked to this network within or accessible from Europe could expose ISPs and hosting providers to legal and operational risks. The campaign also complicates efforts by European law enforcement and industry coalitions to combat digital piracy and protect the integrity of the media ecosystem.

European organizations should implement a multi-layered approach to mitigate the impact of this IPTV piracy network. Media companies must enhance digital rights management (DRM) and employ advanced watermarking techniques to trace and disrupt pirated streams. Collaboration with cybersecurity firms and threat intelligence platforms to monitor and block identified malicious domains and IP addresses (such as those listed in the indicators) is critical. ISPs and hosting providers should deploy DNS filtering and network traffic analysis to detect and restrict access to known piracy infrastructure. Consumer education campaigns are essential to raise awareness about the risks of using unauthorized IPTV services, emphasizing potential malware and fraud threats. Legal actions targeting the identified companies (XuiOne, Tiyansoft) and individuals involved should be pursued in coordination with international law enforcement. Additionally, European organizations should monitor for emerging threats linked to the Stalker Portal project and related IPTV middleware vulnerabilities, applying patches and security controls as needed. Finally, integrating piracy threat intelligence into security operations centers (SOCs) will enable proactive detection and response to related cyber threats.