Inside Russian Cyber Attacks at the 2026 Winter Olympics

A few days before the opening ceremony of the Milano Cortina Olympic Winter Games of 2026, cyber attackers were poised to strike.

Italy’s Foreign Minister, Antonio Tajani, announced on February 4 2026 that the country's security services had thwarted a series of cyber attacks which targeted the country’s foreign ministry offices, including the Italian embassy in Washington DC.

Some attacks were directly aimed at the Winter Olympics crowd, with the game websites and hotels in Cortina d'Ampezzo targeted.

Malicious cyber activity in the run-up to an Olympics is not a new phenomenon, but an extension of the cyber criminal rituals that continually target high profile sporting events.

Some recent examples include the disrupted Wi-Fi and digital infrastructure at PyeongChang 2018, the attempted sabotage of pre-Games activities in Tokyo 2020 by Russian threat actors and the Olympics-themed phishing attempts and scam traffic during the 2024 Paris Olympics.

Palo Alto Networks’ Unit 42 had predicted the Winter Olympics to be a playground for threat actors all the way from petty scammers to highly organised cyber gangs sponsored by nation-states. 

Who is behind the 2026 Olympic Cyber attack?

As Antonio noted, this week's attacks originated from within Russia. 

Though Italy has not disclosed the specific groups behind the cyber attack, a report from The Moscow Times notes that a pro Russian hacktivist group called NoName057 could be responsible. 

The Moscow Times report elaborated that NoName057 had claimed responsibility for the attempted attacks in a Telegram channel. In its Telegram messages, the group reportedly said that the attacks were a retaliation for Italy’s support of Ukraine.  

Although their involvement is not corroborated, NoName057 is a highly active group that is known to perform DDoS attacks against countries that are viewed to be “adversarial” to Russia and its geopolitical goals. 

Athletes and Olympic fans in Italy on high alert

With the opening ceremony scheduled for February 6 2026, marking curtains up for athletic bravado, threat actors will be circling around the stadiums and the cities to strike gold. 

While the Italian security services reportedly prevented the Russian cyber attacks, cybersecurity experts say the real risk for travellers won’t be high-level state hacking, but the surge in scams, impersonation emails and fake booking messages that typically target attendees of major global events.

These could range from fake ticket links, fraudulent accommodation offers and messages claiming to be from airlines, hotels or official event organisers, none of which should be taken at face value. 

“Major events like the Olympics create urgency and pressure. People are booking late, changing plans and reacting quickly to messages about tickets or accommodation," says George Foley, Cybersecurity Specialist at ESET Ireland.

“That is exactly what scammers rely on. You do not need a successful cyberattack on Olympic systems for real harm to occur," George adds.

“Fake emails, cloned websites and impersonation messages are enough to cause disruption and financial loss.

“If you are travelling with family or a group, agree [to] a simple rule in advance. “Anything involving payment or a last-minute change gets checked twice. That alone can stop most scams.”

ESET Ireland also warns caution to those following the Games from the comfort of their couch, as fake livestreams, ticket giveaways and social media promotions are some common tactics employed by bad actors to spread malware or steal login details during high profile international events.

Brace for DDoS attacks

From the 2012 London Summer Games to EURO 2024 in Germany, threat actors have routinely targeted global sporting events with DDoS attacks. 

“The increasingly accessible and politically charged nature of the threat landscape, coupled with its global exposure and reliance on interconnected digital systems, makes the 2026 Winter Games a marquee target for cybercriminals,” says Darren Anstee, CTO for security at NETSCOUT. 

“Perhaps the most potent tool threat actors can utilise against a global spectacle like the Winter Games are distributed denial-of-service (DDoS) attacks.

“These attacks – which are designed to overwhelm digital servers and networks – are a favourite as they’re easy to launch, hard to trace and capable of disrupting live broadcasts, venue connectivity and public safety systems. 

“Unfortunately, since the last iteration of the Games, the DDoS threat landscape has evolved significantly. 

Darren notes that the “democratisation of sophisticated attack tools and services” has significantly lowered the skill barrier required for novice hacktivists and has “widened the threat spectrum”. 

“What’s more, geopolitically motivated DDoS activity has come to the fore, mirroring real-world conflicts,“ he adds, “Anti-Western hacktivists may target the event, driven by motives ranging from the IOC’s suspension of Russia to broader ideological opposition against the Italian government.”

The Winter Olympics, like many other major international events could therefore be a stage for hacktivists to spread their messages if security is not amped up.