FIFA World Cup 2026: Pre-Event Threat & Security Intelligence Briefing

Full Threat Landscape Assessment — 23 Days to Kickoff

Report ID
C6S-FIFA-WC26-001

Classification
TLP:GREEN

Date
19 May 2026

Assessment Period
11 Jun – 19 Jul 2026

Analyst Team
C6S CTI Practice (Full Agent Deployment)

Confidence Basis
OSINT Only — Admiralty Rated

Sources
45+ (Government, Commercial TI, Academic, Media)

Predictions
10 Calibrated Assessments

Contents

Executive Summary
Event Overview & Scope
Threat Landscape Overview
Threat Actor Profiles
Threat Vectors
Cyber Threat Environment
US Venue Risk Assessment
Seattle / Pacific Northwest Focus
Security Posture & Gaps
Predictive Assessments
Intelligence Gaps
Sources & Methodology

Executive Summary

Bottom Line Up Front

The 2026 FIFA World Cup faces the most complex threat environment of any sporting event in modern history. The convergence of active US-Iran military conflict (Operation Epic Fury, 28 February 2026), ISIS propaganda campaigns explicitly calling for mass casualty attacks at the tournament, unprecedented cyber-criminal infrastructure already deployed at scale, domestic political polarization manifesting as boycott and protest movements, and the logistical challenge of securing venues across three sovereign nations creates a threat surface without precedent.

No specific, credible plot has been publicly identified as of this assessment date. However, the aggregate threat level is ELEVATED across all vectors, with cyber operations and consumer fraud assessed as ALREADY ACTIVE.

Iranian State & Proxies HIGH

Active military conflict creates unprecedented retaliatory motive. IRGC proxy networks with documented US presence. FBI on high alert for sleeper cell activation.

ISIS / IS-Inspired HIGH

Explicit propaganda calling for mass casualty attacks at WC26. Decentralized inspiration model. Historical pattern of targeting major sporting events.

Lone-Actor Attack HIGH

JCAT identifies as most probable attack modality. Fan zones and transit hubs represent extensive soft-target surface. WHCD shooting demonstrates persistent risk.

Cyber Operations HIGH — ACTIVE

9,741 domain registrations in April alone (5x Qatar 2022). 130,000 infostealer logs with FIFA credentials. Infrastructure already deployed and operational.

Organized Crime (Mexico) HIGH

CJNG retaliatory violence wave. Puebla mass shooting (18 May). Express kidnapping trend "unmistakably upward." Mexico deploying 100,000 security personnel.

Consumer Fraud HIGH — ACTIVE

75+ lookalike ticket fraud domains operational. 500M+ ticket requests vs. 7M tickets. ICE seized 276,000+ counterfeit items ($33M MSRP).

Civil Unrest / Protest ELEVATED

120+ civil society groups issued US travel advisory. Active boycott movements (25,800+ members). ICE dual-role as enforcement and event security creates flashpoint.

UAS / Drone Threats ELEVATED

FIFA flagged drones as "among most consequential" threats. Counter-UAS deployed across ~70% of US states. $625M in funding still not distributed.

Domestic Extremists ELEVATED

Right-wing accelerationist, left-wing anarchist, and single-issue extremist movements. Online radicalization pipelines feeding rapid attack planning.

Football Hooliganism MODERATE

European ultra groups and Latin American barras bravas. US/Canada lower baseline risk. Mexico host cities carry elevated risk from Liga MX history.

Event Overview & Scope

Tournament Parameters

48 national teams competing across 16 host cities in three nations. 104 matches over 39 days. An estimated 5.5+ million in-person attendees and 5+ billion global television viewers. The largest FIFA World Cup in history by every metric.

Host Nations & Cities

Country	Cities	Venues	Matches
United States (11)	Seattle, San Francisco, Los Angeles, Kansas City, Dallas, Houston, Atlanta, Miami, Philadelphia, New York/NJ, Boston	11 NFL/MLS stadiums	78 (incl. Final)
Mexico (3)	Mexico City, Guadalajara, Monterrey	3 stadiums	13 (incl. Opener)
Canada (2)	Toronto, Vancouver	2 stadiums	13

Key Dates

11 June 2026

Opening Match — Mexico City, Estadio Azteca (87,523 capacity)

15 June 2026

Seattle Match 1 — Belgium v Egypt, Lumen Field (68,740 capacity)

19 June 2026

Seattle Match 2 — Group stage TBD, Lumen Field

24-26 June 2026

Seattle Matches 3-5 — Group stage and early knockout rounds

4 July 2026

Quarterfinals — Multiple US venues (coincides with Independence Day)

8-9 July 2026

Semifinals

19 July 2026

Final — MetLife Stadium, New York/NJ (82,500 capacity)

Scale Comparison

The 2026 tournament is 50% larger than any previous World Cup (48 teams vs. 32). The geographic footprint spans 3 sovereign nations and 4 time zones. Security coordination complexity is without precedent—no prior mega-event has required simultaneous multi-national perimeter defense at this scale.

Threat Actor Profiles

1. Iranian State & Proxy Networks

Admiralty Rating: B2 (Usually Reliable / Probably True) — Threat Level: HIGH

Context: On 28 February 2026, the US and Israel launched Operation Epic Fury—nearly 900 strikes in the first 12 hours targeting Iran's nuclear facilities, military infrastructure, and leadership. Supreme Leader Ali Khamenei was killed in an Israeli air strike. Iran launched retaliatory missile and drone strikes targeting US embassies, military installations, and oil infrastructure. FBI Director placed the bureau on high alert, mobilizing counterterrorism resources.

Domestic Presence: GWU Program on Extremism documented 142 prosecuted individuals tied to Hezbollah networks in the US since 2000. Activity clusters: Michigan (55 cases, Dearborn/Detroit), California (19), New York (15), North Carolina (16, Charlotte smuggling rings).

Assessed TTPs: Activation of pre-positioned operatives (sleeper cells); cyberattacks on transportation and critical infrastructure (DDoS, ransomware, wipers); surveillance and targeting of officials and Israeli interests; influence operations amplifying boycott narratives; proxy activation through Hezbollah networks in the Americas.

Key Indicator: Former FBI special agent assessed with "fairly confident" judgment that Iranian operatives or surrogates are already positioned within the United States. Previous Hezbollah operative Kourani conducted surveillance of New York and Toronto airports and FBI/Secret Service/military facilities.

2. ISIS / Islamic State & Affiliated Networks

Admiralty Rating: B2 (Usually Reliable / Probably True) — Threat Level: HIGH

Direct Threat Messaging: ISIS monthly propaganda magazine has named the 2026 FIFA World Cup as a priority target, explicitly calling for "mass casualty" attacks. This follows a historical pattern of targeting major sporting events (2018 Russia World Cup, Euro 2024 Germany).

Attack Modality: Decentralized inspiration model. Vehicle-ramming against fan zones and crowd queuing areas; edged weapon attacks in transit hubs; suicide vest/IED deployment (Stade de France 2015 model—thwarted by security screening); firearms attacks at soft targets outside secured perimeters.

Assessment: While ISIS's operational capability in North America in 2026 is uncertain, the inspiration model requires only a single motivated individual to produce a mass casualty event. The gap between aspirational propaganda and operational capability is the critical unknown.

3. Domestic Violent Extremists

Admiralty Rating: C3 (Fairly Reliable / Possibly True) — Threat Level: ELEVATED

Actor Categories: Right-wing accelerationist movements; anti-government militia groups; left-wing anarchist/anti-capitalist groups; single-issue extremists (anti-immigration, anti-globalization); online-radicalized lone actors.

Context: The WHCD shooting (25 April 2026) by Cole Tomas Allen—who breached a security checkpoint at the Washington Hilton with a long gun and shot a Secret Service officer—demonstrates the persistent lone-actor threat in the current domestic environment.

Key Indicator: Intelligence report (September 2025) described an online post encouraging attacks on railroad infrastructure during the World Cup. No specific plots identified, but online chatter persists across multiple extremist ideologies.

4. Organized Protest & Civil Disruption Movements

Admiralty Rating: A2 (Completely Reliable / Probably True) — Threat Level: ELEVATED

Active Campaigns:

Boycott USA 2026: Dedicated website, 25,800+ Facebook group members
CODEPINK: Petition to FIFA President demanding relocation of US matches, citing ICE enforcement
50501 Movement: Planning demonstrations during tournament period
120+ Civil Society Groups (ACLU, Amnesty International-led coalition): Formal US travel advisory issued 23 April 2026 warning of rights violations
International Solidarity: 174,000+ Dutch signatures urging national team withdrawal

Catalysts: ICE shooting of Nicole Good in Minneapolis (February 2026); ICE announced agents would play "key part" in World Cup security; Visa Bond Pilot requiring up to $15,000 bonds from nationals of 50 countries; broader immigration enforcement environment.

5. Organized Crime & Cartel Networks (Mexico)

Admiralty Rating: B2 (Usually Reliable / Probably True) — Threat Level: HIGH (Mexico venues)

CJNG Retaliatory Violence: Following the killing of cartel leader "El Mencho" by security forces in February 2026, the Jalisco New Generation Cartel launched a wave of retaliatory violence in the Guadalajara corridor—one of three Mexican host cities.

Assessed TTPs: Express kidnappings targeting foreign visitors (trend "unmistakably upward" per Ackerman Group); virtual kidnapping and extortion schemes; armed robbery and carjacking (risks increase after dark); retaliatory violence in Guadalajara.

Key Indicator: Puebla mass shooting (10 killed, 18 May 2026) just 200km from the Mexico City opener venue. Mexico deploying 100,000 security personnel (National Guard, police, private security). President Sheinbaum ordered immediate security reinforcement at archaeological sites and tourist destinations.

6. Football Hooligans & Ultra Groups

Admiralty Rating: B3 (Usually Reliable / Possibly True) — Threat Level: MODERATE

Actor Categories: European ultra groups (organized firms from England, Germany, Poland, Serbia, Argentina); Latin American barras bravas (Mexican Liga MX-affiliated groups); emerging MLS/NWSL fan violence trends.

Assessed TTPs: Encrypted messaging coordination (Telegram, Signal) for pre-planned confrontations; reconnaissance of rival groups and off-site meetup locations; targeting of "soft zones"—bars, transit systems, fan festivals; pyrotechnic deployment; property destruction during post-match periods.

Assessment: US/Canada carry lower baseline risk for organized hooliganism, but Philadelphia, Miami, and LA are flagged for potential incidents. Mexico host cities carry elevated risk based on Liga MX history (Queretaro-Atlas: 26 injured).

Threat Vectors

Vector	Risk	Probability	Impact	Status
Lone-Actor Kinetic Attack (Soft Targets)	HIGH	Likely	Catastrophic	Persistent threat
Iran-Directed or Inspired Attack	HIGH	Realistic Possibility	Catastrophic	Active posturing
Cyber Operations (Disruption & Exploitation)	HIGH	Almost Certain	Moderate-High	ACTIVE
Consumer / Ticket Fraud	HIGH	Confirmed Active	Moderate	ACTIVE
Organized Crime (Mexico Venues)	HIGH	Almost Certain	Moderate-High	Active violence
UAS / Drone Threats	ELEVATED	Realistic Possibility	High	Countermeasures deploying
Civil Unrest / Mass Protest	ELEVATED	Almost Certain	Moderate	Active mobilization
Hooliganism / Fan Violence	MODERATE	Likely	Low-Moderate	Monitoring

Critical Vulnerability: Soft Target Surface

Fan zones, watch parties, transit queuing areas, and hotel districts represent the primary soft-target attack surface. Attackers have unrestricted access to gatherings beyond secured perimeters. Fan zones can host 30,000–50,000 attendees with limited security screening. Historical precedents: 1996 Atlanta Olympics pipe bomb (2 killed, 111 wounded), 2015 Stade de France suicide bomber, 2017 Manchester Arena bombing (22 killed), Boston Marathon bombing (3 killed, 264 wounded).

Cyber Threat Environment

Assessment: Cyber operations against the World Cup are not theoretical—they are already underway

The infrastructure is built, the credentials are harvested, and the domains are registered. This is the most active pre-event cyber threat landscape ever observed for a sporting event.

9,741

Domain registrations
April 2026 alone

Peak volume vs.
Qatar 2022

130K

Infostealer logs
with FIFA credentials

2,500+

Exposed email/
password pairs

Typosquatting domains
on 14 coordinated IPs

276K+

Counterfeit items
seized by ICE

State-Sponsored Cyber Actors

Actor	Motivation	Capability
Iran (APT33, APT34, APT35)	Retaliation for Operation Epic Fury	HIGH
Russia (APT28, APT29, Sandworm)	Geopolitical disruption, Ukraine-related	HIGH
China (APT41, Volt Typhoon)	Intelligence collection, IP theft	MODERATE
North Korea (Lazarus, APT38)	Financial gain	MODERATE

Hacktivist Activity

149 hacktivist DDoS attacks hit 110 organizations in 16 countries following Middle East conflict escalation (March 2026). Pro-Palestinian, pro-Iranian, and anti-US hacktivist collectives are assessed as likely to target World Cup digital infrastructure. Malware families in active deployment: RedLine Stealer, LummaC2, Vidar.

Attack Surface

Sub-Vector	Current Scale	Trend
Phishing / Typosquatting	9,741 new domains in April 2026	Accelerating
Infostealer Campaigns	130,000 logs with FIFA credentials	Growing
Coordinated Fraud Infrastructure	79 domains on 14 IPs, full-ecosystem replicas	Operational
DDoS Global Trend	Network-layer attacks up 168% YoY, peaks at 30 Tbps	Escalating
Ransomware	Targeting transit, hospitality, stadium ops	Active
Counterfeit Commerce	ICE seized 276,000+ items ($33M MSRP)	Growing rapidly

US Venue Risk Assessment

New York / New Jersey

MetLife Stadium (82,500) — FINAL VENUE

Hosts Final (Jul 19), Semifinal, and group matches. Highest-profile US venue. Primary target for state-sponsored and lone-actor threats.

Seattle, WA

Lumen Field (68,740)

6 matches including Belgium v Egypt (Jun 15), USA v Australia, Round of 32 & 16. I-5 corridor impacts. See Thurston County callout.

Los Angeles, CA

SoFi Stadium (70,240)

Multiple group stage and knockout matches. Large diaspora communities. High protest potential.

Miami, FL

Hard Rock Stadium (64,767)

Group stage and knockout matches. Central/South American fan concentration. Hooligan risk flagged.

Dallas, TX

AT&T Stadium (80,000)

Multiple matches. Extreme heat risk (June temps 95°F+). Large crowd management challenge.

Houston, TX

NRG Stadium (72,220)

Group and knockout matches. Retractable roof mitigates heat. Proximity to Gulf coast weather risks.

Atlanta, GA

Mercedes-Benz Stadium (71,000)

Group and knockout matches. Major transit hub. 1996 Olympics bombing precedent location.

Philadelphia, PA

Lincoln Financial Field (69,176)

Group stage matches. DHS funding delays directly impacting preparations. Hooligan risk flagged.

San Francisco, CA

Levi's Stadium (68,500)

Group and knockout matches. Active protest culture. Tech sector espionage concerns.

Kansas City, MO

Arrowhead Stadium (76,416)

Group stage matches. Interior US venue with lower international threat profile.

Boston, MA

Gillette Stadium (65,878)

Group stage matches. Boston Marathon bombing precedent. Strong federal law enforcement presence.

SEAR Rating

All US venues carry a SEAR 2 (Special Event Assessment Rating) designation, triggering significant federal security support including Secret Service coordination, DHS asset deployment, and multi-agency intelligence fusion.

Seattle / Pacific Northwest Focus

Lumen Field — 6 Matches Scheduled

Chief Security Officer: Former Seattle Police Chief John Diaz. Multi-agency coordination: SPD, King County Sheriff, WA State Patrol, federal agencies. Temporary gates and security barriers planned. Seattle City Councilmember Bob Kettle pushing for activation of World Cup security camera network.

Threat	Risk Level	Assessment
Vehicle theft / theft from vehicles	HIGH	Dominant threat vector; peaks during summer months coinciding with tournament
Violent crime (evening/night)	HIGH	55% of all violent crime occurs 18:00–05:59; matches align with peak risk hours
Transit hub drug activity	HIGH	International District-Chinatown hub: 10.1x higher drug activity concentration
Transit hub assault	ELEVATED	Same hub: 3.5x higher aggravated assault rate per square mile
Protest activity	ELEVATED	Seattle active protest culture; immigration and Middle East issues likely catalysts
Lone-actor attack	MODERATE	PNW history of lone-actor extremism (both left and right wing)
Cyber / infrastructure disruption	MODERATE	Port of Seattle ransomware history; transit system interdependencies

I-5 Corridor Impact

The I-5 corridor from Olympia to Seattle (60 miles) will experience significant traffic surges on match days. Thurston County residents and commuters face 2–4 hour transit time increases. Sound Transit and Amtrak Cascades services will see peak demand. See the dedicated Thurston County Local Impact Briefing for detailed analysis of the Olympia-Lacey Fan Zone at Port Plaza and I-5 corridor security considerations.

Security Posture & Critical Gaps

Federal Coordination

Deployed Security Architecture

White House Task Force on 2026 FIFA World Cup established March 2025
ODNI Analytic Symposium held for host city law enforcement
JCAT published 4 unclassified intelligence products: global threat landscape, CT response, narco-trafficking, cyber threats & malign influence
NCTC providing 24/7 intelligence support via National Counterterrorism Operations Center
CISA running preparedness exercises with FBI and sector partners
~50,000 police and security personnel (US)
65,000+ FIFA volunteers
100,000 Mexican security forces (National Guard, police, private)
Counter-UAS systems across ~70% of US host states
FAA No Drone Zones at all venues (Temporary Flight Restrictions)
FEMA $846M in grants allocated

Critical Gaps

Unfunded & Unresolved

$625M in Congressional security funding has NOT been distributed to host cities with fewer than 30 days to kickoff. This is the single most critical security preparation gap.
DHS funding lapses (114+ days of shutdowns over the past year) have disrupted training, coordination, and staff retention across federal security agencies.
Three-nation coordination complexity—no precedent exists for this scale of simultaneous multi-national perimeter defense.
Counter-UAS personnel shortage—only ~60 officers being trained for drone mitigation across 11 US states for a 39-day event.
ICE dual-role tension—immigration enforcement agency simultaneously tasked with event security creates trust deficit with diaspora communities, international visitors, and the 120+ civil society organizations that issued the travel advisory.

Predictive Assessments

Methodology

Calibrated probabilistic forecasts based on available OSINT as of 19 May 2026. Each prediction carries a confidence level, timeframe, and key indicators to monitor. These assessments will be scored against outcomes in post-event analysis.

WC26-P1

Significant cyber disruption (DDoS, ransomware, or infrastructure attack) will impact at least one tournament-related system during the event window.

Confidence:

90%

Basis: Active infrastructure already deployed. 9,741 domain registrations in April alone. 130K credential logs. DDoS attacks up 168% YoY globally. Near-certainty of attempted disruption; high probability of at least partial success.

WC26-P2

Organized protests will occur at or near 6+ US host venues during the tournament, with at least one incident of police-protester confrontation.

Confidence:

88%

Basis: 120+ organizations already mobilized. Boycott movements active with 25,800+ members. ACLU/Amnesty travel advisory issued. ICE dual-role as lightning rod. Multiple catalyst events already in play.

WC26-P3

Consumer fraud losses (fake tickets, counterfeit merchandise, accommodation scams) will exceed $100M globally during the tournament cycle.

Confidence:

85%

Basis: 75+ lookalike domains already operational. 500M+ ticket requests vs. 7M available. ICE already seized $33M in counterfeit goods pre-tournament. Demand/supply imbalance creates unprecedented fraud surface.

WC26-P4

At least one criminal violence incident targeting foreign visitors will occur in a Mexican host city (kidnapping, armed robbery, or carjacking) that gains international media coverage.

Confidence:

82%

Basis: Express kidnapping trend "unmistakably upward." CJNG retaliatory violence active in Guadalajara. Puebla mass shooting 200km from Mexico City opener. 2M+ visitors in Mexico creates target-rich environment.

WC26-P5

The $625M in Congressional security funding will be partially distributed before June 11, but at least 3 host cities will report they received funds too late for optimal deployment.

Confidence:

78%

Basis: Funding authorized but not distributed with 23 days to kickoff. Federal procurement timelines make full deployment before June 11 extremely difficult. Political pressure creates incentive for partial release.

WC26-P6

At least one UAS/drone incident (unauthorized flyover, not necessarily weaponized) will disrupt or delay a match at a US venue.

Confidence:

65%

Basis: FIFA flagged drones as "most consequential" threat. Only ~60 officers trained on counter-UAS. Recreational and protest-motivated drone flights are difficult to prevent entirely across 39 days and 11 venues.

WC26-P7

Fan violence (hooliganism) will result in arrests at 3+ US/Mexico venues, primarily in off-site locations (bars, transit, fan festivals) rather than inside stadiums.

Confidence:

72%

Basis: European ultra groups and Latin American barras bravas will attend. Soft zones are primary confrontation venues. Alcohol consumption amplifies risk. Stadium security effective at preventing inside-venue incidents.

WC26-P8

No mass casualty terrorist attack (10+ fatalities) will occur at a World Cup venue or official fan zone during the tournament.

Confidence:

70%

Basis: Federal security posture is extensive despite gaps. Historical precedent: no successful mass-casualty attack at a FIFA World Cup venue. However, the unprecedented threat convergence (Iran, ISIS, DVE) and soft-target surface reduce confidence below 80%.

WC26-P9

Iran-linked cyber operations (DDoS, defacement, or infrastructure disruption) will be publicly attributed during the tournament window.

Confidence:

68%

Basis: APT33/34/35 assessed as HIGH capability. Operation Epic Fury provides unprecedented motive. 149 hacktivist DDoS attacks already recorded post-escalation. Tournament digital surface presents high-visibility target aligned with retaliatory intent.

WC26-P10

The Olympia-Lacey Fan Zone at Port Plaza will operate without a major security incident across all 4 scheduled match days.

Confidence:

80%

Basis: Smaller venue with lower international profile. Local law enforcement coordination in place. Limited alcohol service reduces incident probability. Waterfront location provides natural crowd flow management. See Thurston County callout.

Intelligence Gaps

Classified threat picture. JCAT products are unclassified; the classified assessment almost certainly contains more specific threat information, particularly regarding Iranian operational intent and any identified plots.

Iran operational timeline. Whether IRGC has issued specific activation orders to proxy networks timed to the World Cup remains unknown in open source.

ISIS operational capability vs. propaganda. The degree to which ISIS propaganda translates to actual operational cells in North America in 2026 is unclear from open sources alone.

Cartel strategic intent. Whether cartels will deliberately avoid disrupting the World Cup to protect tourism revenue or exploit the distraction of security forces is ambiguous.

Counter-UAS readiness. Actual effectiveness of counter-drone capabilities given funding delays, compressed training timelines, and only ~60 trained officers across 11 states is uncertain.

Host city funding deployment. Whether the $625M reaches cities before June 11 and whether it is sufficient for the stated security requirements is unknown.

Admiralty Scale Confidence Summary

Threat Actor / Vector	Reliability	Credibility	Rating	Threat Level
Iranian State / Proxy Networks	B — Usually Reliable	2 — Probably True	B2	HIGH
ISIS / IS-Inspired Actors	B — Usually Reliable	2 — Probably True	B2	HIGH
Domestic Violent Extremists	C — Fairly Reliable	3 — Possibly True	C3	ELEVATED
Organized Protest Movements	A — Completely Reliable	2 — Probably True	A2	ELEVATED
Mexican Organized Crime	B — Usually Reliable	2 — Probably True	B2	HIGH
Football Hooligans	B — Usually Reliable	3 — Possibly True	B3	MODERATE
Cyber Threat Actors (All)	A — Completely Reliable	1 — Confirmed	A1	HIGH (Active)
UAS / Drone Threat	B — Usually Reliable	3 — Possibly True	B3	ELEVATED
Ticket / Consumer Fraud	A — Completely Reliable	1 — Confirmed	A1	HIGH (Active)
Lone-Actor Attack	B — Usually Reliable	2 — Probably True	B2	HIGH

Sources & Methodology

Analytic Confidence Statement

This assessment is based entirely on open-source intelligence (OSINT) collected 19 May 2026, drawing from government releases (ODNI, JCAT, DHS, CISA, FAA, FBI, ICE), commercial threat intelligence (Flashpoint, Check Point Research, Flare, Radware, Crisis24, Ackerman Group, Paladin Security, Base Operations), academic research (NCBRT/LSU, GWU Program on Extremism, HSGAC testimony), and credible media reporting. Classified intelligence would likely adjust several assessments, particularly regarding Iranian operational intent and specific plot information. The absence of a publicly identified specific, credible threat does NOT equate to the absence of a threat.

[1] ODNI, "ODNI Hosts Symposium with Law Enforcement to Ensure Security of 2026 FIFA World Cup," May 2026
[2] JCAT/NCTC, "Large Public Gatherings Attractive Targets for Violent Extremists," Intelligence Product Series (4 publications)
[3] Flashpoint, "Navigating the Threat Landscape of the 2026 FIFA World Cup," May 2026
[4] Check Point Research, "Before the First Whistle: How Cyber Criminals Are Targeting World Cup 2026," May 2026
[5] Flare, "From Pirated Software to Full Access to FIFA: Tracing the 2026 World Cup Infostealer Pipeline," May 2026
[6] Flare, "Massive World Cup Consumer Fraud Infrastructure Targets Fans Before Kickoff," May 2026
[7] Fox News, "Iranian sleeper cells pose World Cup threat, former FBI agent warns," May 2026
[8] Iran International, "Iran sleeper cells pose threat to World Cup," May 2026
[9] Washington Institute, "Inside Hezbollah's American Sleeper Cells," Policy Analysis
[10] Fox News, "FBI steps up monitoring of potential sleeper cells after Iran strikes," March 2026
[11] ASIS International, "Securing the World Cup Amid Geopolitical Conflict," May 2026
[12] ASIS International, "Q&A: What Makes Securing This Year's World Cup Different?" May 2026
[13] LBC, "ISIS encouraging 'mass casualty' terror attacks at FIFA World Cup 2026," 2026
[14] Dronelife, "How DHS Is Helping World Cup Host Cities Get Counter-UAS Ready," May 2026
[15] FAA, "FAA's Safety Plan for FIFA World Cup 2026," 2026
[16] DHS S&T, "S&T Lab Working with State and Local Agencies to Counter Drones at the World Cup," May 2026
[17] Dronelife, "Sentrycs Wins Counter-UAS Contracts for 2026 World Cup Security," April 2026
[18] Dronelife, "Training for the Threat: FBI Expands Counter-Drone Force," February 2026
[19] Base Operations, "Lumen Field Seattle FIFA World Cup 26 Threat Assessment," 2026
[20] KING5, "Temporary gates, added security proposed at Lumen Field," 2026
[21] KING5, "Multiple agencies planning security for FIFA World Cup 2026 Seattle matches," 2026
[22] Ackerman Group, "Special Security Assessment: FIFA World Cup 2026," 2026
[23] Paladin Security, "Security Risks for the 2026 FIFA World Cup in North America," 2026
[24] ACLU, "Over 120 Civil Society Groups Issue Travel Advisory for U.S. Ahead of FIFA World Cup," April 2026
[25] Amnesty International USA, "2026 World Cup Travel Advisory," April 2026
[26] CODEPINK, "FIFA: Move the Games!" Campaign
[27] Boycott USA 2026, Campaign Website
[28] Al Jazeera, "World Cup 2026: Will violence and protests test Mexico's cohost status?" May 2026
[29] PBS, "Mexico to boost security at tourist sites ahead of World Cup after shooting," May 2026
[30] Malwarebytes, "The 2026 World Cup scam economy," May 2026
[31] ICE, "ICE warns fans of counterfeit merchandise ahead of FIFA World Cup," 2026
[32] NCBRT/LSU, "Past World Cup Threats," Academy of Counter-Terrorist Education
[33] Liferaft, "What Past Attacks Reveal About 2026 World Cup Security," 2026
[34] HSGAC, Testimony on Terrorist Threats to International Sporting Events (Ligon)
[35] Radware, "Defending the Pitch: Strategic Cybersecurity Advisory for FIFA World Cup 2026"
[36] Crisis24, "World Cup 2026 Cyber Risks Extend Beyond Stadium Systems"
[37] Spotlight PA, "DHS shutdown hampers World Cup security prep," April 2026
[38] ESPN, "Why haven't World Cup host cities received $625 million of critical funding?" 2026
[39] Police1, "Policing the unpredictable: Securing the FIFA World Cup 2026," 2026
[40] GWU Program on Extremism, Hezbollah prosecution database
[41] DOJ, WHCD Shooting Press Release (Cole Tomas Allen), April 2026
[42] Crisis24, "2026 FIFA World Cup Risks and Recommendations for Businesses"
[43] Wikipedia, "2026 Iran War" and "2026 FIFA World Cup Controversies"
[44] Cisometric, FIFA-related domain threat analysis, 2026
[45] FIFA World Cup 2026 Official Match Schedule