Skip to main content
Recent Quotes
My Watchlist
Indicators
Markets
Stocks
ETFs
Tools
Markets:
Overview
News
Currencies
International
Treasuries

KELA Research Finds 4,300+ Fraudulent Domains and 1.5 Million Compromised AccountsTargeting 2026 FIFA World Cup

By: via GlobeNewswire
ⓘ This article is third-party content and does not represent the views of this site. We make no guarantees regarding its accuracy or completeness.

Tel Aviv, Israel, June 04, 2026 (GLOBE NEWSWIRE) -- TEL AVIV / NEW YORK — June 4, 2026 — KELA, a KELA Group company, is a global leader in Cyber Threat Intelligence (CTI), released today its report, 2026 FIFA World Cup: Threats & Predictions, a comprehensive analysis of the cyber threat landscape surrounding the tournament. The report documents a multi-layered threat environment targeting expansive digital infrastructure as well as host cities across the United States, Canada, and Mexico, drawing on intelligence from dark web forums, underground cybercrime markets, and KELA's proprietary threat monitoring platform. 

The 2026 tournament has an expanded format, with 48 teams competing in 104 matches across 16 cities, approximately 6.5 million ticketed attendances, and a global audience of billions. That scale creates a vast attack surface across a digital supply chain spanning third-party vendors, transportation networks, hospitality providers, cloud services, and municipal infrastructure across three countries. KELA's research finds that financially motivated actors are already operational, with over 4,300 suspicious or fraudulent FIFA-related domains registered since August 2025 and industrialized fraud campaigns targeting fans through fake ticketing portals, counterfeit visa services, and fraudulent hospitality platforms.

"Identity remains the most exploited entry point, and the World Cup concentrates that risk at a scale we have not seen before in a sporting event," said David Carmiel, CEO of KELA. "The volume of compromised credentials circulating on the dark web right now, combined with active listings for server access, means organizations connected to this tournament need to treat their credential exposure as an active threat, not a background risk."

Beyond financially motivated crime, the report identifies a geopolitical threat layer that extends well beyond the tournament itself. Ongoing conflicts across Russia-Ukraine, U.S.-Israel-Iran, and U.S.-China fault lines have made the World Cup a symbolic target for nation-state actors with distinct but equally serious objectives. The report identifies risks including Russian APTs focused on covert intelligence collection, Iranian state-aligned groups that are assessed as likely to target host-city critical infrastructure, and Chinese APT groups that have maintained long-term unauthorized access to North American water, energy, and telecommunications networks.

"The 2026 World Cup is the most complex convergence of geopolitical tension, critical infrastructure dependency, and global digital exposure we have seen tied to a single event," said Nir Barak, Founder and President of KELA Group."As a trusted source of cybercrime and cyber threat intelligence, KELA is proudly supporting the games at Federal, State and City levels to support law enforcement operations, enabling them to host a safe and secure experience for fans.” 

Additional Key Findings

  • Over 1.5 million FIFA-related compromised accounts are circulating on the deep and dark web, with more than 1.3 million containing plaintext passwords
  • Nearly 7,300 leaked credential instances were identified across official FIFA domains
  • Estimated losses linked to "Ghost Stadium," a single Chinese-speaking phishing campaign deploying a convincing clone of the official FIFA website, range from $71 million to $474 million 
  • In March 2026, a threat actor claimed to be selling RDP and cloud console access to FIFA servers in New York on a cybercrime forum
  • A 2024 infostealer infection at a Houston World Cup Host City Official Supporter exposed a FIFA remote access login page 

The full report, 2026 FIFA World Cup: Threats and Predictions, is available for download here.

About KELA

KELA is a global leader in proactive cyber defense, delivering an AI-centric unified exposure management platform consolidating Cyber Threat Intelligence (CTI), External Attack Surface Management (EASM), Continuous Threat Exposure Management (CTEM) and Third-Party Risk Management (TPRM) capabilities to empower security teams across the threat lifecycle. KELA is trusted by global brands and governments across North America, Asia, and Europe, and is part of the KELA Group. For more information, please visit https://www.kelacyber.com/.


Ben Kapon
Kela Research and Strategy
+972-52-6100006
benk@ke-la.com
Report this content

If you believe this article contains misleading, harmful, or spam content, please let us know.

Report this article

Recent Quotes

View More
Symbol Price Change (%)
AMZN  253.79
+3.77 (1.51%)
AAPL  311.23
+0.97 (0.31%)
AMD  523.20
-19.32 (-3.56%)
BAC  54.17
+1.77 (3.38%)
GOOG  369.27
+13.59 (3.82%)
META  627.57
+4.59 (0.74%)
MSFT  428.05
+0.71 (0.17%)
NVDA  218.66
+3.91 (1.82%)
ORCL  236.34
+6.01 (2.61%)
TSLA  418.45
-5.25 (-1.24%)
Stock Quote API & Stock News API supplied by www.cloudquote.io
Quotes delayed at least 20 minutes.
By accessing this page, you agree to the Privacy Policy and Terms Of Service.
© 2025 FinancialContent. All rights reserved.