The Insikt Group from Recorded Future published a cyber threat analysis report on Thursday, November 17th, outlining what they see as the most significant threats to the upcoming Men’s World Cup to be held in Doha, Qatar. This year’s tournament will be held from November 20th through December 18th in the tiny Gulf country with a nascent football community.
The analysis, entitled “Cyber, Influence, and Physical Threats to the 2022 FIFA World Cup in Qatar,” is far-reaching and covers each of the topics given in the title. This article will summarize some of their observations about influence operations by various nation-state cyber threat actors that are known to have well-resourced advanced persistent threat (APT) teams.
The big four countries with aggressive cyber offense units are: China, Iran, North Korea and Russia. The Insikt Group discusses both the positive and negative influence operations from each of these countries based on their histories, diplomatic ties, geographical proximities, trade relations and other factors.
For China, Iran, and North Korea, they conclude that destructive or disruptive cyber attacks are not likely, but there has been some evidence of influence operations conducted to shape opinion on the world stage.
China has strong economic ties with Qatar as a construction partner in the Belt and Road Initiative. Iran stood by Qatar during the 2017 diplomatic break with several of the other Gulf and Arab states. And North Korea voluntarily withdrew from the 2022 competition in part because of COVID-19 concerns.
The one country with both sophisticated cyber threat actors working through APT groups and well-developed quasi-private troll farms promoting narratives supportive of national geopolitical objectives is Russia. It is the one country that has multiple grievances against Qatar and FIFA and might, therefore, be motivated to engage in destructive or disruptive attacks against participants in the event.
The Insikt Group noted, however, that the Russian government is likely distracted by its war with Ukraine at this time and may not be allocating resources to the Men’s World Cup. They also noted that the Kremlin would not likely actively discourage patriotic nationalists or cyber criminal gangs such as KillNet or XakNet that might be using the sporting event for financially motivated threat actor activities. This might be to the advantage of the Kremlin, given that it would have plausible deniability while the Russian economy potentially gains financially from such criminal activity.
Most importantly, the efforts of troll farms to advance pro-Kremlin narratives about what they still call the “Special Military Operation” would likely be perceived to be beneficial. And, since Qatar has taken the position of supporting the territorial integrity of Ukraine, pro-Russian and anti-Qatar narratives on state-sponsored media will likely continue through the 29 days of the event.