2026 FIFA World Cup: Threats & Predictions

The world’s largest sporting event is also one of its largest attack surfaces. Across 16 host cities and a digital ecosystem spanning ticketing, hospitality, transportation, broadcasting, and hundreds of vendors, the 2026 FIFA World Cup is a magnet for nation-state espionage, industrial-scale fraud, and a dark web already trading the credentials and access that power attacks. KELA’s Cyber Intelligence Center maps the full threat landscape – and the controls organizers, host cities, sponsors, and law enforcement need before the June 11 kickoff.

6B+ projected viewers | 16 host cities
4,300+ fake FIFA domains · 1.5M+ compromised accounts
7,300+ leaked credentials

Inside the Report:

• Nation-state APTs: how groups aligned with Russia, Iran, and China target event infrastructure through espionage, pre-positioning, and influence operations.
• Industrial-scale fraud: cloned ticketing sites, fake visa and travel portals, hospitality scams, and 4,300+ lookalike domains — including the “Ghost Stadium” operation.
• Dark web exposure: 1.5M+ compromised accounts, 7,300+ leaked credential instances, high-risk SSO/ADFS identity exposure, and initial-access listings offered for sale.
• Supply-chain risk: how exposure across vendors, telecom, transport, and OT broadens the attack surface for host cities.
• Actionable recommendations: identity hardening, OT and vendor resilience, fraud and brand monitoring, and misinformation response.