Italy Thwarts Suspected Russia-Linked Cyberattacks Targeting Milano Cortina Winter Olympics
Italian officials reported disrupting cyberattacks attributed to Russia that targeted infrastructure connected to the Milano Cortina Winter Olympics, including attempted intrusions against Olympic-related sites such as hotels in Cortina. Foreign Minister Antonio Tajani also said multiple Italian government foreign offices (including the office in Washington) were targeted, and the reporting noted broader concern about pro-Russia hacktivist activity flagged by UK authorities. Separately, the same reporting highlighted a potential risk to event-related digital resilience stemming from a dispute in which Cloudflare’s CEO threatened to withdraw free services in response to an Italian regulator’s fine over alleged anti-piracy rule violations.
In parallel to the Olympics security environment, Italian authorities investigated suspected physical sabotage of railway infrastructure in northern Italy that disrupted travel during the Games’ opening days, including fires, severed cables, and discovery of a makeshift explosive device near tracks—incidents that caused major delays on routes serving Olympic host areas. While the rail incidents were treated as deliberate sabotage and compared by officials to disruptions seen during the Paris 2024 Olympics, they were not described as cyber in nature; they nonetheless underscore the broader hybrid risk profile around major international events where both digital and physical infrastructure may be targeted.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
4 events from the most recent confirmed update back to the earliest known activity.
Italian leaders publicly condemn sabotage and warn of threats to the Games
Prime Minister Giorgia Meloni condemned the protests and suspected sabotage, saying opponents were trying to undermine Italy and the event, while authorities confirmed investigations into the rail incidents. Around the same time, Italy's foreign minister publicly disclosed the wave of blocked cyberattacks targeting Olympics-linked systems.
Protests in Milan lead to arrests during Olympics opening period
Large protests against the Winter Olympics and broader economic issues took place in Milan, and six people were arrested after clashes. The demonstrations occurred alongside the transport disruptions during the Games' opening days.
Suspected sabotage hits rail infrastructure in northern Italy
Multiple suspected sabotage incidents struck railway infrastructure in northern Italy during the opening days of the Winter Olympics, including fires, severed cables and a makeshift explosive device near tracks. Police cited at least three incidents, including damage near Bologna and an arson attack on a track-switch structure near Pesaro, causing delays of up to two and a half hours and affecting thousands of travelers.
Italy begins blocking suspected Russian cyberattacks on Olympics infrastructure
Italian officials said they started thwarting cyberattacks assessed as originating from Russia that targeted foreign ministry offices, including the office in Washington, as well as Olympics-related infrastructure such as hotels in Cortina. The Milano Cortina Winter Olympics were described as a primary target of the activity.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Italy Reports Russia-Origin Cyberattacks Targeting Milano Cortina Winter Olympics
Italian Foreign Minister **Antonio Tajani** said Italy has already blocked a series of cyberattacks he described as being “of Russian origin” that targeted both **Italian Foreign Ministry** systems and infrastructure linked to the **Milano Cortina Winter Olympics**, including **hotels in Cortina**. He cited attacks affecting foreign ministry sites beginning with an office in **Washington, D.C.**, but did not provide technical details on the intrusion methods, impact, or whether the activity was state-directed versus aligned **pro-Russia hacktivists**. Italian media reporting indicated local authorities had prepared in advance for elevated cyber risk around the Games, including a dedicated team working with Olympic organizers’ experts to defend the event environment. The reporting also echoed broader warnings from European partners (including the UK) not to underestimate pro-Russia-aligned actors and noted Russia’s history of targeting major international sporting events, though no specific attribution beyond Tajani’s “Russian origin” characterization was provided in these accounts.
Apr 7, 2026
Russian-Linked Cyberattacks Target Winter Olympics Websites Amid Sabotage Fears
Italian authorities said they blocked Russian-linked cyberattacks aimed at websites tied to the Winter Olympics, preventing disruption as organizers prepared for the games. The activity revived concerns first underscored by the 2018 Winter Olympics opening ceremony attack, when a destructive operation sought to interrupt a high-profile international sporting event and demonstrated how cyber operations can be used to undermine global broadcasts, logistics, and public confidence. Threat intelligence reporting also described a broader surge in hacktivist activity ahead of the 2026 Winter Olympics, alongside protests and suspected sabotage risks. The combined reporting indicates that Olympic infrastructure, public-facing sites, and related organizations faced a heightened threat environment in which politically motivated actors and state-linked operators appeared poised to use cyberattacks to disrupt services, shape narratives, and embarrass host institutions.
May 25, 2026
Threat Intelligence on Elevated Cyber Risk Around Major Events and Regional Targeting Trends
Reporting highlighted elevated cyber risk around the upcoming **Milano Cortina Winter Games**, with threat researchers warning that high-visibility events attract a broad mix of adversaries including **hacktivists**, **cybercriminals**, and **state-linked espionage actors**. Expected activity includes disruption of Wi-Fi and event digital infrastructure, **DDoS**, and **ransomware/extortion**, alongside intelligence collection targeting high-profile attendees (politicians, executives, celebrities) and event-adjacent **critical infrastructure** such as utilities, transit, ticketing, and point-of-sale systems. Separate threat reporting indicated a shift in **Oceania (Australia/New Zealand/South Pacific)** where 2025 activity disproportionately impacted “Main Street” sectors—especially **retail**, **construction**, and **professional services**—rather than traditionally prioritized critical sectors. The reporting attributed part of this trend to the growing market for **sold network access** (initial access brokerage), citing dozens of tracked access sales affecting Australian and New Zealand organizations, with retail the most frequently impacted; this is distinct from an industry-focused blog post ranking Chinese cybersecurity firms, which is not tied to a specific incident or threat campaign.
Mar 21, 2026