Italy Reports Russia-Origin Cyberattacks Targeting Milano Cortina Winter Olympics
Italian Foreign Minister Antonio Tajani said Italy has already blocked a series of cyberattacks he described as being “of Russian origin” that targeted both Italian Foreign Ministry systems and infrastructure linked to the Milano Cortina Winter Olympics, including hotels in Cortina. He cited attacks affecting foreign ministry sites beginning with an office in Washington, D.C., but did not provide technical details on the intrusion methods, impact, or whether the activity was state-directed versus aligned pro-Russia hacktivists.
Italian media reporting indicated local authorities had prepared in advance for elevated cyber risk around the Games, including a dedicated team working with Olympic organizers’ experts to defend the event environment. The reporting also echoed broader warnings from European partners (including the UK) not to underestimate pro-Russia-aligned actors and noted Russia’s history of targeting major international sporting events, though no specific attribution beyond Tajani’s “Russian origin” characterization was provided in these accounts.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
4 events from the most recent confirmed update back to the earliest known activity.
NETSCOUT reports broader DDoS surge during Milano Cortina Winter Games
NETSCOUT said DDoS attacks against Italian infrastructure during the February 6–23 Milano Cortina 2026 Winter Games rose 181% over 2025 levels and reached 6 to 10 times historical norms, with daily counts peaking above 2,200 on February 23–24. The report said NoName057(16) dominated public claims, while NETSCOUT also observed DDoSia activity against 74 Italian domains and Aisuru botnet activity heavily focused on Milan.
Pro-Russian group NoName057(16) claims responsibility for DDoS attacks
The pro-Russian hacktivist group NoName057(16) claimed responsibility for the activity, portraying it as retaliatory DDoS attacks over Italy’s support for Ukraine. Reports said the group circulated a target list including government websites, diplomatic missions, and hotels in the Cortina area.
Italy publicly attributes the attacks to Russian origin
During a visit to Washington, Foreign Minister Antonio Tajani said the blocked attacks were of "Russian origin" and thanked Italian security authorities for stopping them. He described the activity as targeting both diplomatic facilities and Olympics-related locations shortly before the Games began.
Italy blocks cyberattacks targeting Olympics-linked and foreign ministry sites
Ahead of the Milano Cortina 2026 Winter Olympics, Italian authorities thwarted a series of cyberattacks against infrastructure tied to the Games, including hotels in Cortina d’Ampezzo, Winter Olympics online assets, and multiple Italian Foreign Ministry offices abroad, including Washington. Reporting indicated roughly 120 targets overall and no significant disruption.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
6 references tracked. Mallory keeps watching after this page renders.
The Winter Games Effect: When Gold Meets DDoS | NETSCOUT
netscout.com
Open sourceCyber and Physical Risks Targeting the 2026 Winter Olympics | Flashpoint
flashpoint.io
Open sourcePro-Russian group Noname057(16) launched DDoS attacks on Milano Cortina 2026 Winter Olympics
securityaffairs.com
Open sourceItaly blames Russia-linked hackers for cyberattacks ahead of Winter Olympics | The Record from Recorded Future News
therecord.media
Open source'Russian origin' cyberattacks target Italy's Winter Olympics • The Register
go.theregister.com
Open sourceKurz vor Olympia: Italien wehrt russische Hacker-Angriffe ab | CSO Online
csoonline.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Italy Thwarts Suspected Russia-Linked Cyberattacks Targeting Milano Cortina Winter Olympics
Italian officials reported disrupting **cyberattacks attributed to Russia** that targeted infrastructure connected to the *Milano Cortina Winter Olympics*, including attempted intrusions against Olympic-related sites such as hotels in Cortina. Foreign Minister **Antonio Tajani** also said multiple Italian government foreign offices (including the office in Washington) were targeted, and the reporting noted broader concern about **pro-Russia hacktivist activity** flagged by UK authorities. Separately, the same reporting highlighted a potential risk to event-related digital resilience stemming from a dispute in which *Cloudflare*’s CEO threatened to withdraw free services in response to an Italian regulator’s fine over alleged anti-piracy rule violations. In parallel to the Olympics security environment, Italian authorities investigated **suspected physical sabotage** of railway infrastructure in northern Italy that disrupted travel during the Games’ opening days, including fires, severed cables, and discovery of a makeshift explosive device near tracks—incidents that caused major delays on routes serving Olympic host areas. While the rail incidents were treated as deliberate sabotage and compared by officials to disruptions seen during the Paris 2024 Olympics, they were not described as cyber in nature; they nonetheless underscore the broader **hybrid risk** profile around major international events where both digital and physical infrastructure may be targeted.
Mar 21, 2026
Russian-Linked Cyberattacks Target Winter Olympics Websites Amid Sabotage Fears
Italian authorities said they blocked Russian-linked cyberattacks aimed at websites tied to the Winter Olympics, preventing disruption as organizers prepared for the games. The activity revived concerns first underscored by the 2018 Winter Olympics opening ceremony attack, when a destructive operation sought to interrupt a high-profile international sporting event and demonstrated how cyber operations can be used to undermine global broadcasts, logistics, and public confidence. Threat intelligence reporting also described a broader surge in hacktivist activity ahead of the 2026 Winter Olympics, alongside protests and suspected sabotage risks. The combined reporting indicates that Olympic infrastructure, public-facing sites, and related organizations faced a heightened threat environment in which politically motivated actors and state-linked operators appeared poised to use cyberattacks to disrupt services, shape narratives, and embarrass host institutions.
May 25, 2026
Threat Intelligence on Elevated Cyber Risk Around Major Events and Regional Targeting Trends
Reporting highlighted elevated cyber risk around the upcoming **Milano Cortina Winter Games**, with threat researchers warning that high-visibility events attract a broad mix of adversaries including **hacktivists**, **cybercriminals**, and **state-linked espionage actors**. Expected activity includes disruption of Wi-Fi and event digital infrastructure, **DDoS**, and **ransomware/extortion**, alongside intelligence collection targeting high-profile attendees (politicians, executives, celebrities) and event-adjacent **critical infrastructure** such as utilities, transit, ticketing, and point-of-sale systems. Separate threat reporting indicated a shift in **Oceania (Australia/New Zealand/South Pacific)** where 2025 activity disproportionately impacted “Main Street” sectors—especially **retail**, **construction**, and **professional services**—rather than traditionally prioritized critical sectors. The reporting attributed part of this trend to the growing market for **sold network access** (initial access brokerage), citing dozens of tracked access sales affecting Australian and New Zealand organizations, with retail the most frequently impacted; this is distinct from an industry-focused blog post ranking Chinese cybersecurity firms, which is not tied to a specific incident or threat campaign.
Mar 21, 2026