
Widespread Cyber Threats Target 2026 World Cup Infrastructure and Host Cities

Translated & summarized from Walla by baba

Cybersecurity firm KELA has released a report highlighting extensive cyber threats surrounding the 2026 FIFA World Cup, currently underway across the United States, Canada, and Mexico. The report, based on data from dark web forums, cybercrime markets, and KELA's monitoring systems, reveals that attacks are aimed both at the tournament's digital infrastructure and the host cities. The 2026 World Cup is the largest in history, featuring 48 teams, 104 matches in 16 cities, approximately 6.5 million stadium attendees, and billions of global viewers, creating a vast attack surface including third-party vendors, transportation systems, hotels, cloud services, and urban infrastructure across three countries.

Since August 2025, over 4,300 suspicious or fake domains related to the tournament have been detected, alongside fraud campaigns involving counterfeit ticket sites, fake visa services, and impersonated hosting platforms. More than 1.5 million FIFA-related accounts circulate on the dark web, with over 1.3 million exposing passwords. Additionally, around 7,300 leaked credentials are linked to official FIFA domains. A phishing campaign named "Ghost Stadium," which mimicked FIFA's official website, reportedly caused financial damages estimated between $71 million and $474 million.

Israeli cybersecurity company BrandShield noted thousands of domains exploiting the names of top football stars to deceive fans seeking tickets, merchandise, or tournament-related giveaways. Lionel Messi is the primary target with 2,443 suspicious domains, followed by Cristiano Ronaldo with 2,203 and Kylian Mbappé with 781. In March, cybercriminal forums offered remote access to FIFA servers in New York, and in 2024, an infostealer malware infection was detected in an official entity in Houston, exposing remote access paths to FIFA systems.

Beyond financially motivated cybercrime, the report identifies geopolitical threats linked to tensions between Russia and Ukraine, Israel and Iran, and the US and China. Russian groups are expected to focus on intelligence gathering, Iranian actors may target critical infrastructure in host cities, and Chinese groups reportedly maintain long-term access to water, energy, and communication networks in North America, reminiscent of Russian cyber activities during a past Winter Olympics.

KELA CEO David Carmiel emphasized that digital identity remains the most exploited entry point for attackers, and the scale of stolen credentials circulating now demands that all organizations involved in the tournament treat credential exposure as an active threat rather than a background risk. KELA is collaborating with federal, state, and city law enforcement agencies across the US to ensure the secure and safe conduct of the World Cup games.
