Threat Intelligence on Elevated Cyber Risk Around Major Events and Regional Targeting Trends
Reporting highlighted elevated cyber risk around the upcoming Milano Cortina Winter Games, with threat researchers warning that high-visibility events attract a broad mix of adversaries including hacktivists, cybercriminals, and state-linked espionage actors. Expected activity includes disruption of Wi-Fi and event digital infrastructure, DDoS, and ransomware/extortion, alongside intelligence collection targeting high-profile attendees (politicians, executives, celebrities) and event-adjacent critical infrastructure such as utilities, transit, ticketing, and point-of-sale systems.
Separate threat reporting indicated a shift in Oceania (Australia/New Zealand/South Pacific) where 2025 activity disproportionately impacted “Main Street” sectors—especially retail, construction, and professional services—rather than traditionally prioritized critical sectors. The reporting attributed part of this trend to the growing market for sold network access (initial access brokerage), citing dozens of tracked access sales affecting Australian and New Zealand organizations, with retail the most frequently impacted; this is distinct from an industry-focused blog post ranking Chinese cybersecurity firms, which is not tied to a specific incident or threat campaign.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
7 events from the most recent confirmed update back to the earliest known activity.
Milano Cortina Winter Olympics are set to begin amid cyber risk concerns
The Winter Olympics were scheduled to start on Feb. 6, 2026, with security experts emphasizing the need for broad public-private coordination to defend against phishing, ransomware, espionage, and disruptive attacks.
Unit 42 warns Milano Cortina Winter Olympics will attract cyber threats
Ahead of the Milano Cortina Winter Olympics, Palo Alto Networks Unit 42 warned that the Games would likely face threats from cybercriminals, nation-state actors, and hacktivists targeting the event's dense ecosystem of systems and infrastructure.
Cyble reports 2025 attacks hit Oceania retail and services sectors hard
Cyble's 2025 reporting found that cyberattacks in Australia and New Zealand disproportionately affected retail, construction, and professional services, with retail showing especially high levels of initial-access sale activity.
Stolen data from a major retailer is advertised on a Russian-language forum
In 2025, attackers advertised 250GB of data stolen from a major retailer on a Russian-language cybercrime forum, illustrating the impact of attacks on non-critical industries in Oceania.
Scattered Spider breaches Qantas in 2025
Qantas was breached by the Scattered Spider threat group in 2025, becoming one of the notable Oceania incidents highlighted in Cyble's review of the year's attacks.
French authorities face cyber pressure during the 2024 Olympics
During the 2024 Olympics in France, authorities were subjected to cyber pressure, underscoring the continued targeting of high-profile international sporting events.
Cyberattacks disrupt the 2018 PyeongChang Winter Olympics
The 2018 PyeongChang Winter Olympics experienced cyber disruptions, later cited as a historical example of how major sporting events attract significant cyberattacks.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Italy Thwarts Suspected Russia-Linked Cyberattacks Targeting Milano Cortina Winter Olympics
Italian officials reported disrupting **cyberattacks attributed to Russia** that targeted infrastructure connected to the *Milano Cortina Winter Olympics*, including attempted intrusions against Olympic-related sites such as hotels in Cortina. Foreign Minister **Antonio Tajani** also said multiple Italian government foreign offices (including the office in Washington) were targeted, and the reporting noted broader concern about **pro-Russia hacktivist activity** flagged by UK authorities. Separately, the same reporting highlighted a potential risk to event-related digital resilience stemming from a dispute in which *Cloudflare*’s CEO threatened to withdraw free services in response to an Italian regulator’s fine over alleged anti-piracy rule violations. In parallel to the Olympics security environment, Italian authorities investigated **suspected physical sabotage** of railway infrastructure in northern Italy that disrupted travel during the Games’ opening days, including fires, severed cables, and discovery of a makeshift explosive device near tracks—incidents that caused major delays on routes serving Olympic host areas. While the rail incidents were treated as deliberate sabotage and compared by officials to disruptions seen during the Paris 2024 Olympics, they were not described as cyber in nature; they nonetheless underscore the broader **hybrid risk** profile around major international events where both digital and physical infrastructure may be targeted.
Mar 21, 2026
Russian-Linked Cyberattacks Target Winter Olympics Websites Amid Sabotage Fears
Italian authorities said they blocked Russian-linked cyberattacks aimed at websites tied to the Winter Olympics, preventing disruption as organizers prepared for the games. The activity revived concerns first underscored by the 2018 Winter Olympics opening ceremony attack, when a destructive operation sought to interrupt a high-profile international sporting event and demonstrated how cyber operations can be used to undermine global broadcasts, logistics, and public confidence. Threat intelligence reporting also described a broader surge in hacktivist activity ahead of the 2026 Winter Olympics, alongside protests and suspected sabotage risks. The combined reporting indicates that Olympic infrastructure, public-facing sites, and related organizations faced a heightened threat environment in which politically motivated actors and state-linked operators appeared poised to use cyberattacks to disrupt services, shape narratives, and embarrass host institutions.
May 25, 2026
Olympic Cybersecurity Lessons and Incident Response Preparedness
Coverage focused on **cybersecurity lessons from major sporting events**, especially the Olympics, with emphasis on how organizers prepared for and responded to threats surrounding **Paris 2024** and **Milan Cortina 2026**. The substantive reporting describes the Olympics as a high-value target for phishing, malware, spoofed domains, DDoS, hacktivism, and state-backed activity, and notes that Italian authorities said they blocked attacks targeting foreign ministry offices, Olympics websites, and hotels in the Cortina d'Ampezzo area before the 2026 Games opened. The material is largely **feature and interview content** rather than a single breaking incident, but it contains relevant operational detail about defending large public events through coordination across agencies, partners, and sponsors, and through mature **risk management** and **incident response** programs. One reference is not part of this story because it is a general weekly news roundup covering unrelated issues such as Chrome zero-days, router botnets, and an AWS breach, rather than Olympic event security.
Mar 21, 2026