Iran-linked Handala hacking group threatens 2026 World Cup teams

In brief

  • Handala, an Iran-linked hacking group, claimed it breached FBI Director Kash Patel's email and accessed drone footage
  • Group threatened 2026 World Cup teams, warning about first-person view drones targeting team buses
  • SITE Intelligence disputed Handala's released material, including a video that came from a software company, not FBI operations

The claimed breach

Handala claimed it obtained access to images and suspects captured by FBI drones, including facial recognition and license plate scanning technology. According to the U.S. Department of Justice, Handala is linked to Iran's Ministry of Intelligence and Security and has been associated with data theft, wiper malware, and online influence campaigns.

The SITE Intelligence Group, which monitors extremist organizations and online threat activity, reported on Handala's claims regarding FBI drone access. However, the claims have not been independently verified.

Disputed evidence and threats

SITE disputed some of the material released by Handala, saying one video presented as evidence of the breach was actually produced in December 2024 by a software company promoting technology used by a U.S. police department. This raises questions about the authenticity of other materials the group released.

Handala's threat against World Cup teams was explicit. The group warned that first-person view drones "are everywhere; you never know when one might end up right in your team's bus." This framing suggested the group could target participating teams using unmanned aerial vehicles during the tournament.

Broader activity

The group's activity extends beyond the FBI claims. Handala claimed responsibility for a breach of California Water Service, releasing roughly five gigabytes of allegedly stolen data. The State Department's Rewards for Justice program continues to offer up to $10 million for information on foreign government-directed hackers involved in cyberattacks against U.S. critical infrastructure, signaling the seriousness with which U.S. officials treat such threats.