FIFA World Cup expected to face extensive criminal, hacktivist cyber threats

https://www.cybersecuritydive.com/news/fifa-world-cup-criminal-hacktivist-cyber-threat/822638/

Publish Date: 2026-06-11 12:03:00

Source Domain: www.cybersecuritydive.com

Author:

Using an unordered list, summarize the following article with between 4 and 8 key points.

The 2026 FIFA World Cup, which officially kicks off today, is expected to face a wave of cyber threat activity from actors seeking credentials and financial gain, while state-linked adversaries will pose a serious risk to disrupt the tournament.
The 39-day tournament is considered the largest sporting event in history, with a record 48 teams playing in 104 matches in 16 cities across the U.S., Mexico and Canada, marking the first time the games are being jointly hosted by three countries. The tournament starts today in Mexico City and will conclude on July 19 at MetLife Stadium in New Jersey.

FIFA expects more than 5 million fans to attend games, creating a massive attack surface for cyber threat activity or even violence. Researchers warn that financially motivated actors have already prepared to capitalize on the games.
Cybercriminal infrastructure
More than 10,000 World Cup-themed malicious domains have popped up since January, according to a report released Tuesday by Arctic Wolf. Social media posts are luring potential victims to sites on Discord, WhatsApp or Telegram, in order to spread malware or conduct other fraudulent activity.
“Attackers are using the World Cup as cover to run high-volume phishing operations against both fans and the organizations supporting the event,” Ismael Valenzuela, vice president of threat intelligence research at Arctic Wolf, told Cybersecurity Dive.
Beyond phishing attempts targeting the fan base, researchers found infrastructure aimed at event organizers. Fake career sites have been set up to steal Google Workspace accounts and a weaponized “employee handbook” PDF document was used to target staff at one host city, according to Arctic Wolf.
The FBI in May warned that threat actors were conducting spoofing attacks against the FIFA website. The spoofed websites may be used to collect personal data, conduct monetary fraud or launch additional attacks.
Geopolitical response
Beyond the theft of credentials and information, the larger threat may come from geopolitical adversaries.
“The most frequent and widespread risk is cybercriminal activity like ticketing scams, impersonation, QR-code fraud and even ransomware against supporting infrastructures,” said Justin Moore, senior manager of threat intel research at Palo Alto Networks’ Unit 42.
The most serious risk may come in the form of cyberattacks from state-aligned actors, Moore added.
Researchers said the possibility of distributed denial of service or other attacks from politically motivated actors are possible, but no specific threat activity has been identified.
The U.S., which has been at war with Iran since February, has seen an uptick in cyber threat activity targeting critical infrastructure, including utilities and energy companies.
The Cybersecurity and Infrastructure Security Agency said it has been working with federal, private sector and international partners to mitigate both cyber and physical risks related to the games.
“Today’s preparations for the World Cup will help strengthen our nation’s readiness for future events, including Freedom 250 and the 2028 Summer Olympics,” CISA acting Director Nick Andersen said.

CISA has conducted cyber and physical vulnerability assessments at 10 host stadiums as well as FIFA base camps, hotels and related critical infrastructure. In January alone, CISA conducted six exercises related to the games.
The agency earlier this year provided technical assistance to the 2026 Winter Olympics in Italy.