11 June, 2026
Why industry experts are fearing the worst and how it may happen.
The air in the PyeongChang Olympic Stadium was electric, thick with anticipation for the 2018 Winter Games opening ceremony. Sarah, huddled in her seat with a hot chocolate, tried to share a quick video of the scene, but her phone couldn’t connect. Then, the large screens meant to guide the crowd and display athlete introductions flickered and went dark. What began as a mild inconvenience: unprintable tickets, non-functioning Wi-Fi, and suddenly useless cash machines: quickly escalated to a widespread system meltdown. The show, thankfully, went on, but behind the scenes, chaos reigned. This wasn’t a technical glitch, it was a sophisticated digital assault known as “Olympic Destroyer,” a piece of malicious software designed not to steal data, but to wreak maximum havoc and disruption. The attack succeeded in crippling the games’ entire IT infrastructure, from cameras and internet access to the official website and broadcasting systems, forcing organizers to frantically switch to manual operations. For a moment, the world’s premier winter sporting event was held hostage by code.
The landscape drastically shifted for the Paris 2024 Summer Olympics. While attackers launched an unprecedented volume of cyber assaults, with reports indicating millions of attempts, the focus was on disruption and espionage rather than a debilitating infrastructure attack like Olympic Destroyer. French authorities, in collaboration with global cybersecurity partners, emphasized a “security-by-design” approach, integrating defenses and mitigating threats before they could escalate into public crises. The lack of a major, visible system failure during the Games became the new benchmark for security success.
This history now puts the spotlight on the FIFA World Cup of 2026: will the joint hosts in North America experience a widespread failure reminiscent of Korea, or a quiet, successful defense like the one mounted in Paris? What has changed since then? And what is likely to happen this time?
Motive
If you have ever seen a detective movie or series, you know to look for a motive. This is no different from cyber attacks, motive leads to resources being allocated to the hacking attempts. In the case of the Korean Olympics the first fingers were pointed to North Korea. The two parts of Korea are technically still at war with each other. There were clear North-Korean fingerprints in the hacks, but these turned out to be a bit too clear. While attribution is always hard and debatable, it is now assumed that the North-Korean fingerprints were a false flag. The US and UK have officially pointed a finger at Russia’ s GRU (military intelligence agency). The motive was that Russia, which is traditionally one of the biggest and most glorious teams in the Olympics, had been kicked out due to doping scandals.
Now let’s fast forward to today. Can you think of any countries in the world that might benefit from seeing one of the three host nations (USA, Mexico, or Canada) stumble?
Given the current geopolitical environment and the global attention the event will attract, there are a variety of actors who could have an interest in disrupting operations or creating bad publicity. With world leaders and public figures expected to be closely associated with the event, any disruption or controversy could quickly become a high-profile international story.
So plenty of bad guys want to spoil the fun, but can they?
Technological context
You don’t need to work in technology to see that the technological landscape has dramatically changed in the last years, and even months.
New technologies, particularly AI and agentic systems, have fundamentally shifted the power balance toward attackers. Autonomous frontier models like Claude Mythos are now capable of identifying decade-old systems, generating functional exploits, and executing complex, multi-stage cyber operations with minimal human oversight, a capability previously considered the domain of science fiction.
This automation has dramatically accelerated the process from vulnerability discovery to exploitation, allowing attackers to weaponize flaws in minutes. Furthermore, AI tools are used to craft highly convincing social engineering attacks, creating phishing emails, audio messages, and brand clones that are more polished and realistic than real communications, vastly lowering the barrier to entry for large-scale deception.
Targets
During major sporting events like the Olympics or the World Cup, hackers can choose from a wide array of high-value targets to cause disruption. These include ticketing and access control systems, which are vital for entry and crowd flow, as well as operational technology (OT) and venue management infrastructure, encompassing essential utilities and security cameras. Furthermore, broadcasting and media networks are prime targets for those seeking to interrupt the global viewing experience, while logistics and transportation management systems are critical for moving athletes and fans. Finally, financial and point-of-sale (POS) systems represent significant targets for economic sabotage and theft during these events.
Techniques
Many of the techniques used have been around for a while, but what is new is the massive automation and scaling of the probing of systems and the creation of automated attack chains combining different techniques together.
Attackers may utilize zero day exploits or simply an unpatched old one for initial access, followed by lateral movement and privilege escalation to gain deeper network control. There is a significant threat from supply chain attacks, alongside a heavy reliance on AI-enhanced spear phishing and social engineering to deceive targets. Furthermore, the deployment of ransomware and keyloggers poses a risk to data integrity and financial assets, while DDos attacks launched via a botnet could be used to shut down essential public-facing systems.
Defenses
Whilst there will clearly be a lot of attacking in this world cup, they are also up against possibly the best defense in the world. But even the best defense has to be at the top of their game to keep the slate clean.
Preparations for the 2026 World Cup involve an unprecedented multi-national effort, headlined by the establishment of a unified cyber command center to coordinate real-time threat intelligence across the USA, Mexico, and Canada. A primary focus lies in hardening operational technology (OT) systems and venue infrastructure against physical and digital disruption. Additionally, public-private partnerships are facilitating extensive red team exercises and the development of tailored defense playbooks to proactively mitigate AI-driven and automated attack vectors.
We are ready for the games to begin.
So will the world cup get hacked?
Global sporting events are a wonderful opportunity for the world to get closer together, and fraternize over a beer and the off-side rule.There is infinitely more coming together than falling apart. But we know that there are capable adversaries with strong motives to spoil the party, this time more than ever. Meanwhile the tools to do so have arrived at everyone’s fingertips.
As cybersecurity professionals it is our job to make sure the world doesn’t have to worry about this. But to be fair, we are still playing catch up with all the new technologies and threats.
So no promises, except that we will definitely learn a lot from what happens in the next few weeks.
