KELA Research Finds 4,300+ Fraudulent Domains and 1.5 Million Compromised Accounts Targeting 2026 FIFA World Cup

Report also reveals alleged sale of internal server access targeting the tournament's North American digital infrastructure

Tel Aviv, Israel, June 04, 2026 (GLOBE NEWSWIRE) -- TEL AVIV / NEW YORK — June 4, 2026 — KELA, a KELA Group company and a global leader in Cyber Threat Intelligence (CTI), today released its report, 2026 FIFA World Cup: Threats & Predictions, a comprehensive analysis of the cyber threat landscape surrounding the tournament. The report documents a multi-layered threat environment targeting expansive digital infrastructure as well as host cities across the United States, Canada, and Mexico, drawing on intelligence from dark web forums, underground cybercrime markets, and KELA's proprietary threat monitoring platform.

The 2026 tournament has an expanded format, with 48 teams competing in 104 matches across 16 cities, approximately 6.5 million ticketed attendances, and a global audience of billions. That scale creates a vast attack surface across a digital supply chain spanning third-party vendors, transportation networks, hospitality providers, cloud services, and municipal infrastructure across three countries. KELA's research finds that financially motivated actors are already operational, with over 4,300 suspicious or fraudulent FIFA-related domains registered since August 2025 and industrialized fraud campaigns targeting fans through fake ticketing portals, counterfeit visa services, and fraudulent hospitality platforms.

"Identity remains the most exploited entry point, and the World Cup concentrates that risk at a scale we have not seen before in a sporting event," said David Carmiel, CEO of KELA. "The volume of compromised credentials circulating on the dark web right now, combined with active listings for server access, means organizations connected to this tournament need to treat their credential exposure as an active threat, not a background risk."

Beyond financially motivated crime, the report identifies a geopolitical threat layer that extends well beyond the tournament itself. Ongoing conflicts across Russia-Ukraine, U.S.-Israel-Iran, and U.S.-China fault lines have made the World Cup a symbolic target for nation-state actors with distinct but equally serious objectives. The report identifies risks including Russian APTs focused on covert intelligence collection, Iranian state-aligned groups that are assessed as likely to target host-city critical infrastructure, and Chinese APT groups that have maintained long-term unauthorized access to North American water, energy, and telecommunications networks.

"The 2026 World Cup is the most complex convergence of geopolitical tension, critical infrastructure dependency, and global digital exposure we have seen tied to a single event," said Nir Barak, Founder and President of KELA Group. "As a trusted source of cybercrime and cyber threat intelligence, KELA is proudly supporting the games at Federal, State and City levels to support law enforcement operations, enabling them to host a safe and secure experience for fans."

Additional Key Findings

  • Over 1.5 million FIFA-related compromised accounts are circulating on the deep and dark web, with more than 1.3 million containing plaintext passwords
  • Nearly 7,300 leaked credential instances were identified across official FIFA domains
  • Estimated losses linked to "Ghost Stadium," a single Chinese-speaking phishing campaign deploying a convincing clone of the official FIFA website, range from $71 million to $474 million 
  • In March 2026, a threat actor claimed to be selling RDP and cloud console access to FIFA servers in New York on a cybercrime forum
  • A 2024 infostealer infection at a Houston World Cup Host City Official Supporter exposed a FIFA remote access login page 

The full report, 2026 FIFA World Cup: Threats and Predictions, is available for download here.

About KELA

KELA is a global leader in proactive cyber defense, delivering an AI-centric unified exposure management platform consolidating Cyber Threat Intelligence (CTI), External Attack Surface Management (EASM), Continuous Threat Exposure Management (CTEM) and Third-Party Risk Management (TPRM) capabilities to empower security teams across the threat lifecycle. KELA is trusted by global brands and governments across North America, Asia, and Europe, and is part of the KELA Group. For more information, please visit https://www.kelacyber.com/.


Ben Kapon
Kela Research and Strategy
+972-52-6100006
benk@ke-la.com
