Threats to the 2026 FIFA World Cup

Key Points:

• The 2026 FIFA World Cup is at risk from various threats, including physical violence from local criminal organizations in Mexico, cyber exploitation by threat actors, and potential espionage from state-sponsored groups.
• Affected systems include event infrastructure, corporate sponsors, and attendees across the US, Mexico, and Canada. The concentration of high-profile individuals increases the risk of targeted attacks.
• Organizations involved should enhance physical security measures, monitor for cybercriminal activities like purchase scams and phishing attempts, and prepare for potential civil unrest.

Technical Details: Threat actors are leveraging World Cup branding for scams and phishing campaigns. Notable tactics include domain spoofing and social engineering to exploit public interest in the event.

MITRE ATT&CK Techniques:

• T1566 - Phishing (Initial Access)
• T1071.001 - Application Layer Protocol: Web Protocols (Command and Control)
• T1190 - Exploit Public-Facing Application (Initial Access)

IOCs Mentioned:

• None mentioned