Italy Reports Russia-Origin Cyberattacks Targeting Milano Cortina Winter Olympics
Italian Foreign Minister Antonio Tajani said Italy has already blocked a series of cyberattacks he described as being “of Russian origin” that targeted both Italian Foreign Ministry systems and infrastructure linked to the Milano Cortina Winter Olympics, including hotels in Cortina. He cited attacks affecting foreign ministry sites beginning with an office in Washington, D.C., but did not provide technical details on the intrusion methods, impact, or whether the activity was state-directed versus aligned pro-Russia hacktivists.
Italian media reporting indicated local authorities had prepared in advance for elevated cyber risk around the Games, including a dedicated team working with Olympic organizers’ experts to defend the event environment. The reporting also echoed broader warnings from European partners (including the UK) not to underestimate pro-Russia-aligned actors and noted Russia’s history of targeting major international sporting events, though no specific attribution beyond Tajani’s “Russian origin” characterization was provided in these accounts.
Timeline
Apr 6, 2026
NETSCOUT reports broader DDoS surge during Milano Cortina Winter Games
NETSCOUT said DDoS attacks against Italian infrastructure during the February 6–23 Milano Cortina 2026 Winter Games rose 181% over 2025 levels and reached 6 to 10 times historical norms, with daily counts peaking above 2,200 on February 23–24. The report said NoName057(16) dominated public claims, while NETSCOUT also observed DDoSia activity against 74 Italian domains and Aisuru botnet activity heavily focused on Milan.
Feb 5, 2026
Pro-Russian group NoName057(16) claims responsibility for DDoS attacks
The pro-Russian hacktivist group NoName057(16) claimed responsibility for the activity, portraying it as retaliatory DDoS attacks over Italy’s support for Ukraine. Reports said the group circulated a target list including government websites, diplomatic missions, and hotels in the Cortina area.
Feb 5, 2026
Italy publicly attributes the attacks to Russian origin
During a visit to Washington, Foreign Minister Antonio Tajani said the blocked attacks were of "Russian origin" and thanked Italian security authorities for stopping them. He described the activity as targeting both diplomatic facilities and Olympics-related locations shortly before the Games began.
Feb 5, 2026
Italy blocks cyberattacks targeting Olympics-linked and foreign ministry sites
Ahead of the Milano Cortina 2026 Winter Olympics, Italian authorities thwarted a series of cyberattacks against infrastructure tied to the Games, including hotels in Cortina d’Ampezzo, Winter Olympics online assets, and multiple Italian Foreign Ministry offices abroad, including Washington. Reporting indicated roughly 120 targets overall and no significant disruption.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Related Entities
Organizations
Sources
1 more from sources like cso online
Related Stories
Italy Thwarts Suspected Russia-Linked Cyberattacks Targeting Milano Cortina Winter Olympics
Italian officials reported disrupting **cyberattacks attributed to Russia** that targeted infrastructure connected to the *Milano Cortina Winter Olympics*, including attempted intrusions against Olympic-related sites such as hotels in Cortina. Foreign Minister **Antonio Tajani** also said multiple Italian government foreign offices (including the office in Washington) were targeted, and the reporting noted broader concern about **pro-Russia hacktivist activity** flagged by UK authorities. Separately, the same reporting highlighted a potential risk to event-related digital resilience stemming from a dispute in which *Cloudflare*’s CEO threatened to withdraw free services in response to an Italian regulator’s fine over alleged anti-piracy rule violations. In parallel to the Olympics security environment, Italian authorities investigated **suspected physical sabotage** of railway infrastructure in northern Italy that disrupted travel during the Games’ opening days, including fires, severed cables, and discovery of a makeshift explosive device near tracks—incidents that caused major delays on routes serving Olympic host areas. While the rail incidents were treated as deliberate sabotage and compared by officials to disruptions seen during the Paris 2024 Olympics, they were not described as cyber in nature; they nonetheless underscore the broader **hybrid risk** profile around major international events where both digital and physical infrastructure may be targeted.
1 months ago
Threat Intelligence on Elevated Cyber Risk Around Major Events and Regional Targeting Trends
Reporting highlighted elevated cyber risk around the upcoming **Milano Cortina Winter Games**, with threat researchers warning that high-visibility events attract a broad mix of adversaries including **hacktivists**, **cybercriminals**, and **state-linked espionage actors**. Expected activity includes disruption of Wi-Fi and event digital infrastructure, **DDoS**, and **ransomware/extortion**, alongside intelligence collection targeting high-profile attendees (politicians, executives, celebrities) and event-adjacent **critical infrastructure** such as utilities, transit, ticketing, and point-of-sale systems. Separate threat reporting indicated a shift in **Oceania (Australia/New Zealand/South Pacific)** where 2025 activity disproportionately impacted “Main Street” sectors—especially **retail**, **construction**, and **professional services**—rather than traditionally prioritized critical sectors. The reporting attributed part of this trend to the growing market for **sold network access** (initial access brokerage), citing dozens of tracked access sales affecting Australian and New Zealand organizations, with retail the most frequently impacted; this is distinct from an industry-focused blog post ranking Chinese cybersecurity firms, which is not tied to a specific incident or threat campaign.
1 months ago
Geopolitically Driven Cyber Activity and Hybrid Operations Escalate Across Europe and Major Events
Multiple reports describe an uptick in **state-linked and politically motivated cyber activity** in Europe, framed as part of broader **hybrid warfare**. Dutch intelligence (AIVD/MIVD) warned that Russia is intensifying a mix of cyberattacks, sabotage, disinformation, covert influence, and espionage designed to stay below the threshold of open conflict while testing Western red lines and undermining support for Ukraine. Related policy commentary notes growing calls from European and NATO officials for stronger “strike back” or offensive cyber capacity, but argues that political will and proportional response options—especially against proxy-driven sabotage—remain the limiting factors rather than technical capability. Separately, threat reporting tied to the **2026 Winter Olympics** indicates increased **hacktivist mobilization and targeting chatter** against Olympic-adjacent entities (e.g., transportation, sponsors, and overlapping supply chains), alongside continued targeting of the defense industrial base by a mix of hacktivists, state actors, and cybercriminals. A case study on Venezuela’s Caracas outage during “Operation Absolute Resolve” cautions against attributing major disruptions to “cyber-only” effects when available evidence also indicates substantial **kinetic/physical damage** to substations, underscoring that modern operations may integrate cyber and physical actions and that misframing can distort infrastructure security priorities.
3 days ago