What the Hacker Group Claims—and What Officials Say

The group, identified by cybersecurity researchers as “MuddyWater” (also linked to Iranian state-sponsored operations), posted on underground forums that it had exfiltrated “sensitive drone control systems” from the FBI. The claim was first reported by Reuters and BBC News, citing unnamed U.S. intelligence officials.

However, the FBI and Department of Homeland Security (DHS) have not publicly confirmed the breach or the group’s claims. A spokesperson for the FBI told Archysport: “We are aware of reports and taking appropriate actions to ensure the security of all events, including the 2026 FIFA World Cup. Any allegations of data compromise are being investigated thoroughly.”

Key discrepancy: While MuddyWater’s claims align with past Iranian cyber-espionage tactics, U.S. officials have not provided details on whether the stolen data includes operational drone systems used for stadium surveillance—only that “enhanced monitoring” is underway.

How This Could Affect the World Cup—and What’s Being Done

The 2026 FIFA World Cup, co-hosted by the U.S., Canada, and Mexico, will feature 48 teams and 80 matches across 16 cities, including New York, Los Angeles, and Dallas. Drone surveillance is a critical component of stadium security, used to monitor crowds, detect unauthorized objects, and coordinate rapid response teams.

According to a FIFA security briefing obtained by Archysport, the tournament’s security plan—developed in collaboration with the U.S. Secret Service and local law enforcement—already includes layered defenses:

• Ground-based radar and thermal imaging at all venues
• Armed sky marshals with counter-drone technology
• Real-time threat assessment centers in host cities

But the hacking claim adds complexity. “If adversaries gain access to drone telemetry or control systems, they could attempt to spoof signals or disrupt operations,” said Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly in a statement to Congress last month. “We’re working with FIFA and local authorities to ensure redundancy in critical infrastructure.”

What’s next: The U.S. government is expected to release an updated security assessment by June 15, ahead of the World Cup’s official kickoff in November 2026. FIFA’s security chief, Johan Verstrepen, declined to comment on specific threats but reiterated that “all scenarios are being prepared for.”

Historical Context: Cyber Threats at Major Sporting Events

This isn’t the first time cyber threats have shadowed a major sporting event. In 2018, Russian hackers targeted the Winter Olympics in PyeongChang, disrupting broadcasting systems. During the 2022 FIFA World Cup in Qatar, Iranian state actors were accused of hacking into fan apps to spread disinformation.

Experts warn that the 2026 World Cup—spanning three countries—presents a larger attack surface. “The scale of this tournament means more entry points for cyber intrusions,” said Mandiant threat analyst John Hultquist. “From ticketing systems to venue Wi-Fi, every layer must be hardened.”

Comparison: While the 2018 Olympics saw physical sabotage (e.g., malware in broadcasting systems), the current threat appears focused on operational technology—specifically drones. The FBI’s use of counter-drone measures at past events (e.g., Super Bowls) suggests they’re treating this as a high-priority risk.

What Fans and Teams Need to Know

For now, there is no evidence of disrupted plans for teams or spectators. FIFA’s official travel advisories remain unchanged, and all 48 participating nations have been briefed on security protocols. However, teams with players or staff from countries targeted by Iranian cyber campaigns (e.g., Israel, Saudi Arabia, or the U.S.) may receive additional protective measures.

Key actions for attendees:

• Download FIFA’s official app for real-time alerts (not third-party sources)
• Avoid public Wi-Fi at stadiums; use cellular data
• Report suspicious activity immediately to venue security

Teams are advised to encrypt all communications and avoid using personal devices for sensitive discussions. The NFL has previously shared similar guidance with its international players ahead of games in high-risk regions.

Expert Reactions: Assessing the Threat Level

Cybersecurity firms are divided on the severity of the claim. FireEye analysts note that MuddyWater’s track record includes targeting U.S. government contractors, but actual drone system breaches are rarer. “The group’s claims should be taken seriously, but we haven’t seen proof of exploitation yet,” said a FireEye spokesperson.

In contrast, Kaspersky’s Global Research & Analysis Team warns that drone control systems are often underprotected. “These systems can be hacked remotely if an attacker gains access to the network,” their report stated. “The World Cup’s distributed nature makes this a prime target.”

Bottom line: While the immediate risk to players and fans remains low, the incident underscores the evolving nature of sports security. “This is a reminder that cyber threats are now as critical as physical ones,” said International Security Services Forum Director Mark Sullivan.