Russian-Linked Cyberattacks Target Winter Olympics Websites Amid Sabotage Fears
Italian authorities said they blocked Russian-linked cyberattacks aimed at websites tied to the Winter Olympics, preventing disruption as organizers prepared for the games. The activity revived concerns first underscored by the 2018 Winter Olympics opening ceremony attack, when a destructive operation sought to interrupt a high-profile international sporting event and demonstrated how cyber operations can be used to undermine global broadcasts, logistics, and public confidence.
Threat intelligence reporting also described a broader surge in hacktivist activity ahead of the 2026 Winter Olympics, alongside protests and suspected sabotage risks. The combined reporting indicates that Olympic infrastructure, public-facing sites, and related organizations faced a heightened threat environment in which politically motivated actors and state-linked operators appeared poised to use cyberattacks to disrupt services, shape narratives, and embarrass host institutions.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
3 events from the most recent confirmed update back to the earliest known activity.
Researchers report surge in hacktivism ahead of 2026 Winter Olympics
Intel 471 reported increased hacktivist activity, protests, and suspected sabotage risks in the run-up to the 2026 Winter Olympics. The report highlighted a heightened cyber threat environment surrounding the event.
Italy says it thwarted Russian-linked attacks on 2026 Olympics websites
Italian authorities said they had averted cyberattacks linked to pro-Russian actors targeting websites associated with the Milan-Cortina 2026 Winter Olympics. The announcement reflected active defensive measures ahead of the games.
Cyberattack disrupts opening of the 2018 Winter Olympics
A cyberattack targeted the opening of the PyeongChang Winter Olympics, disrupting internet, television, and IT systems tied to the event. The incident became known as a significant sabotage operation against Olympic infrastructure.
Sources
3 references tracked. Mallory keeps watching after this page renders.
Winter Olympics 2026: Hacktivism Surges Ahead of Protests and Suspected Sabotage | Intel 471
intel471.com
Open sourceItaly says it has averted Russian-linked cyberattacks targeting Winter Olympics websites | AP News
apnews.com
Open sourceCyberattack Aimed to Disrupt Opening of Winter Olympics
darkreading.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Italy Thwarts Suspected Russia-Linked Cyberattacks Targeting Milano Cortina Winter Olympics
Italian officials reported disrupting **cyberattacks attributed to Russia** that targeted infrastructure connected to the *Milano Cortina Winter Olympics*, including attempted intrusions against Olympic-related sites such as hotels in Cortina. Foreign Minister **Antonio Tajani** also said multiple Italian government foreign offices (including the office in Washington) were targeted, and the reporting noted broader concern about **pro-Russia hacktivist activity** flagged by UK authorities. Separately, the same reporting highlighted a potential risk to event-related digital resilience stemming from a dispute in which *Cloudflare*’s CEO threatened to withdraw free services in response to an Italian regulator’s fine over alleged anti-piracy rule violations. In parallel to the Olympics security environment, Italian authorities investigated **suspected physical sabotage** of railway infrastructure in northern Italy that disrupted travel during the Games’ opening days, including fires, severed cables, and discovery of a makeshift explosive device near tracks—incidents that caused major delays on routes serving Olympic host areas. While the rail incidents were treated as deliberate sabotage and compared by officials to disruptions seen during the Paris 2024 Olympics, they were not described as cyber in nature; they nonetheless underscore the broader **hybrid risk** profile around major international events where both digital and physical infrastructure may be targeted.
Mar 21, 2026
Geopolitically Driven Cyber Activity and Hybrid Operations Escalate Across Europe and Major Events
Multiple reports describe an uptick in **state-linked and politically motivated cyber activity** in Europe, framed as part of broader **hybrid warfare**. Dutch intelligence (AIVD/MIVD) warned that Russia is intensifying a mix of cyberattacks, sabotage, disinformation, covert influence, and espionage designed to stay below the threshold of open conflict while testing Western red lines and undermining support for Ukraine. Related policy commentary notes growing calls from European and NATO officials for stronger “strike back” or offensive cyber capacity, but argues that political will and proportional response options—especially against proxy-driven sabotage—remain the limiting factors rather than technical capability. Separately, threat reporting tied to the **2026 Winter Olympics** indicates increased **hacktivist mobilization and targeting chatter** against Olympic-adjacent entities (e.g., transportation, sponsors, and overlapping supply chains), alongside continued targeting of the defense industrial base by a mix of hacktivists, state actors, and cybercriminals. A case study on Venezuela’s Caracas outage during “Operation Absolute Resolve” cautions against attributing major disruptions to “cyber-only” effects when available evidence also indicates substantial **kinetic/physical damage** to substations, underscoring that modern operations may integrate cyber and physical actions and that misframing can distort infrastructure security priorities.
May 7, 2026
Italy Reports Russia-Origin Cyberattacks Targeting Milano Cortina Winter Olympics
Italian Foreign Minister **Antonio Tajani** said Italy has already blocked a series of cyberattacks he described as being “of Russian origin” that targeted both **Italian Foreign Ministry** systems and infrastructure linked to the **Milano Cortina Winter Olympics**, including **hotels in Cortina**. He cited attacks affecting foreign ministry sites beginning with an office in **Washington, D.C.**, but did not provide technical details on the intrusion methods, impact, or whether the activity was state-directed versus aligned **pro-Russia hacktivists**. Italian media reporting indicated local authorities had prepared in advance for elevated cyber risk around the Games, including a dedicated team working with Olympic organizers’ experts to defend the event environment. The reporting also echoed broader warnings from European partners (including the UK) not to underestimate pro-Russia-aligned actors and noted Russia’s history of targeting major international sporting events, though no specific attribution beyond Tajani’s “Russian origin” characterization was provided in these accounts.
Apr 7, 2026