By JAMES GENN JUNE 19, 2026 15:59 As the FIFA World Cup continues, soccer fans from around the world, including Israel, will be benefiting from the protection that Israeli companies have provided to aid authorities in ensuring that the largest sporting event in the world runs smoothly.
Israeli companies have been, and still are, involved in protecting the tournament against hackers, scammers, and other cyber threats, as well as the risk of drone attacks, coordinating with authorities on a local, national, and international level.
One such company, KELA Group, referred to the World Cup , which is ongoing in the US, Mexico, and Canada, as the “largest digital battlefield in history.”
According to KELA, the event features an “enormous digital attack surface,” as approximately 6.5 million ticketed attendees are expected throughout the weeks-long event, as well as a worldwide viewing audience, possibly reaching six billion.
The tournament, KELA says, relies on a “massively interconnected digital supply chain involving third-party vendors, transportation, hospitality, and cloud services.” This means that the failure of even a minor link in the chain could disrupt core parts of the operations, the company said.
OR LEV, KELA Group’s vice president of solution engineering. (credit: KELA Group) KELA noted that geopolitics has an effect on state actors attempting to disrupt events. This has been seen with Russian and Iranian threat actors using intelligence and psychological warfare.
KELA Group noted that in past events, Russian hacktivists, including APT28, have focused on covert intelligence collection, while Storm-1679 used AI-generated voices of celebrities to incite fear.
Meanwhile, Iranian Advanced Persistent Threat (APT) actors have targeted critical infrastructure, with the Israeli company highlighting that Handala wiped over 200,000 systems at a US medical tech company, Stryker, and doxxed (revealed personal information of) FBI Director Kash Patel .
Another Iranian group claimed that it succeeded in gaining access to operational technology at a water company in Missouri, attempting to prove its capability to target critical infrastructure.
The KELA Group, in efforts to mitigate these threats, has been monitoring the Dark Web and communicating with authorities, mostly in the US, in order to share information that could highlight risks to the FIFA World Cup’s operations, largely ticket scams and fraudulent website links.
KELA Group senior explains monitoring system
Or Lev, KELA Group’s vice president of solution engineering, spoke to The Jerusalem Post recently to discuss the work that the company has been doing around the World Cup’s cybersecurity.
She explained how the organization monitors for hacktivists, nation-states, and APTs that will support their agenda and political motivation by trying to gather intelligence.
Government-run APTs, Lev said, “usually try to attack critical infrastructure, conduct espionage, and gather intelligence.”
These APTs target events to cause as much damage as possible, she explained.
Another motivation, however, is financial. Lev reiterated the scale of the World Cup’s ticket chain, noting that this motivates threat actors to carry out attacks for financial gain, including targeting ticketing platforms and creating fake websites that appear to be official in order to fool well-meaning customers into giving away their money.
Beyond phishing scams and spoofed FIFA domains, however, threat actors are also targeting transportation networks that support events, as attendees need to travel to stadiums. Another target vector attacks telecommunications and media networks, given the widely broadcast aspects of the tournament.
A FIFA World Cup Trophy is put on display right before a FIFA World Cup 2026 match between the US and Paraguay at Los Angeles Stadium in June. (credit: MB Media/Getty Images) “We need to try to think all the time where these types of groups of threat actors might try to cause damage and to serve their agenda,” Lev said.
Additionally, Chinese activists continue to pose a threat, KELA Group highlighted, noting that a majority of Beijing’s agents focus on gaining access to, and disrupting, utility and telecoms infrastructure.
One such APT gained access to nine different telecom companies, including AT&T and Verizon, maintaining access for approximately five years and selling data.
“Imagine that they have this type of access and then, at the time of the event, they can just shut down the entire telecom network,” Lev stated.
“When looking into these events, we are more alert,” she said.
“When you know the way that they normally operate, how they normally gain access, you can prepare for that and block the entry points,” she explained.
Compromised acccounts, identity leaks, prominent hacking vectors
Important attack vectors to look at include compromised accounts and identity leaks, Lev told the Post .
“We can see over 1.5 million such accounts available right now out t…
Read the full article at The Jerusalem Post →
IL