Elections increasingly attract cyber operations that target politicians, businesses and the public. These activities range from espionage campaigns against political parties to influence operations seeking to shape opinions, sow discontent or undermine democratic processes.
This newsletter, published twice a month, provides an overview of key cyber incidents and emerging threats related to the upcoming October 2026 general elections in Brazil. It offers recommendations on how organizations and individuals can mitigate and protect against these threats.
Key incidents
In this issue we focus on:
Russia-linked disinformation and influence operations target June 7 Armenian parliamentary elections
The Institute for Strategic Dialogue (ISD) on May 27 reported that Russia-linked threat actor groups escalated activities in the lead-up to the Armenian parliamentary elections, including impersonating media outlets, creating fake news outlets to disseminate false narratives and using social media influencers to spread disinformation.
Cybercriminals target 2026 FIFA World Cup
Recorded Future on June 4 reported that cybercriminals are targeting the 2026 World Cup with phishing campaigns, fake merchandise stores and ticket scams and are using AI-generated content to do so at an unprecedented speed and scale.
+1,100 suspicious domains detected by Insikt Group researchers since April 1 containing the words “World” and “Cup”
(Source: Recorded Future, “Threats to the 2026 World Cup,” June 4, 2026)
Researchers also uncovered over 600 typosquatted domains mimicking fifa[.]com, and 260 registered domains combining FIFA branding with host-city names. Chinese-speaking threat actors have also reportedly cloned FIFA’s official website across around 300 domains to harvest credentials ahead of the tournament.
Mitigation advice twice a month
- Strengthen email security controls and conduct regular phishing awareness training by deploying advanced filtering and authentication protocols, alongside frequent simulation exercises to reinforce employees’ ability to identify and report suspicious messages.
- Reduce patching timelines by prioritizing critical vulnerabilities and accelerating update processes through structured workflows, automation where possible and rapid testing and deployment across systems
- Expand threat detection capabilities by implementing continuous monitoring tools, integrating threat intelligence and analyzing network and user behavior to quickly identify and respond to anomalous activity
- Monitor and manage reputational risk by tracking online narratives, assessing potential impacts and establishing clear communication protocols to respond effectively to misinformation or disinformation incidents
- Strengthen third-party risk management by conducting due diligence on vendors, enforcing consistent cyber security requirements and maintaining ongoing oversight of external partners’ security practices
- Implement heightened security measures during election periods by tightening access controls, increasing monitoring coverage and ensuring incident response teams are prepared to act quickly in high-risk scenarios
Russia-linked disinformation and influence operations target Armenian parliamentary elections
According to ISD data, Armenia was the most targeted country by Russia-linked threat actor Storm-1516 between April 2025 and April 2026, conducting more than 30 distinct campaigns. Campaigns by other Russia-aligned networks also escalated in the six months before the election, with threat actors seeking to spread false narratives about incumbent Prime Minister Nikol Pashinyan, likely seeking to undermine his pro-EU Civil Contract party’s position vis-à-vis the pro-Russia opposition. Pro-Russia actors also leveraged such disinformation in an attempt to damage Armenia’s relationships with its neighbors and international partners with a particular focus on Armenian relations with Turkey and France.
Despite such escalating disinformation efforts, the Civil Contract party was able to win the election, according to preliminary results from Armenia’s Central Election Commission, securing 49.81% of the vote and with an opposition alliance party a distant second with 23.29%.
Potential impact: This and similar recent pro-Russia campaigns, such as concerted efforts to influence Hungarian elections in April, do not appear to have significantly impacted results. However, Russian-influenced operations are highly likely to persist. Furthermore, Russia is likely to continue seeking to undermine election results in target countries, even after all voting and vote tabulation have been completed.
Cybercriminals seek to target 2026 FIFA World Cup
Recorded Future researchers identified 33 World Cup-themed purchase scam domains designed to mimic official FIFA merchandise sites. These fraudulent platforms aimed to harvest payment card data and other personally identifiable information (PII) from victims. Threat actors also built in a level of redundancy using multiple merchant accounts to maintain payment flows even when individual fraudulent websites were taken down.
In another campaign, threat actors manipulated search results and legitimate websites to then redirect unsuspecting shoppers to fraudster-controlled scam domains. Researchers noted that threat actors were not only targeting individual fans with their fraud operations, but also event sponsors, travel providers and ticketing platforms and were using stolen payment credentials to buy and sell legitimate tickets to World Cup matches.
Potential impact: Similar to national elections, high-profile events such as the World Cup are attractive targets for fraudsters and cybercriminals. With the advent of AI-generated content and increasingly autonomous tools, threat actors can now create tailored, sophisticated campaigns at a speed and scale previously unimaginable. Individuals should avoid clicking on unsolicited links, while organizations should implement proactive credential monitoring and domain alerting.
Focus on: 2026 FIFA World Cup by the numbers
The 2026 World Cup will be the largest of its kind in history, with 48 national teams competing across 16 host cities in three countries – Canada, Mexico, and the US. This is the first World Cup with the expanded 48 teams and there will be a total of 104 matches instead of the usual 64.
1,248 players will represent their countries in the tournament and more than 25 years separate the oldest player (Scotland’s Craig Gordon at 43) and the youngest (Mexico’s Gilbert Mora at 17). Portugal’s Cristiano Ronaldo and Argentina’s Lionel Messi are both slated to make history as the only players to appear in six World Cups.
Security considerations: Physical security concerns will almost certainly be top of mind for security officials and event organizers, given the large number of visitors and the concentration of crowds across various host cities. Civil unrest and disruptive protests are also likely to occur. Cybercriminal activity and disruptive cyber incidents are also certain, particularly given the number of dignitaries in attendance and the overall level of international attention surrounding the event. The fact that the tournament is being co-hosted by three countries in 2026 is also likely to significantly expand the attack surface and may produce spillover effects in other countries in the region, such as Brazil.
Electoral protection in Brazil: cybersecurity training and support
Register to receive these twice-monthly reports