Italy Thwarts Suspected Russia-Linked Cyberattacks Targeting Milano Cortina Winter Olympics
Italian officials reported disrupting cyberattacks attributed to Russia that targeted infrastructure connected to the Milano Cortina Winter Olympics, including attempted intrusions against Olympic-related sites such as hotels in Cortina. Foreign Minister Antonio Tajani also said multiple Italian government foreign offices (including the office in Washington) were targeted, and the reporting noted broader concern about pro-Russia hacktivist activity flagged by UK authorities. Separately, the same reporting highlighted a potential risk to event-related digital resilience stemming from a dispute in which Cloudflare’s CEO threatened to withdraw free services in response to an Italian regulator’s fine over alleged anti-piracy rule violations.
In parallel to the Olympics security environment, Italian authorities investigated suspected physical sabotage of railway infrastructure in northern Italy that disrupted travel during the Games’ opening days, including fires, severed cables, and discovery of a makeshift explosive device near tracks—incidents that caused major delays on routes serving Olympic host areas. While the rail incidents were treated as deliberate sabotage and compared by officials to disruptions seen during the Paris 2024 Olympics, they were not described as cyber in nature; they nonetheless underscore the broader hybrid risk profile around major international events where both digital and physical infrastructure may be targeted.
Timeline
Feb 9, 2026
Italian leaders publicly condemn sabotage and warn of threats to the Games
Prime Minister Giorgia Meloni condemned the protests and suspected sabotage, saying opponents were trying to undermine Italy and the event, while authorities confirmed investigations into the rail incidents. Around the same time, Italy's foreign minister publicly disclosed the wave of blocked cyberattacks targeting Olympics-linked systems.
Feb 9, 2026
Protests in Milan lead to arrests during Olympics opening period
Large protests against the Winter Olympics and broader economic issues took place in Milan, and six people were arrested after clashes. The demonstrations occurred alongside the transport disruptions during the Games' opening days.
Feb 9, 2026
Suspected sabotage hits rail infrastructure in northern Italy
Multiple suspected sabotage incidents struck railway infrastructure in northern Italy during the opening days of the Winter Olympics, including fires, severed cables and a makeshift explosive device near tracks. Police cited at least three incidents, including damage near Bologna and an arson attack on a track-switch structure near Pesaro, causing delays of up to two and a half hours and affecting thousands of travelers.
Feb 9, 2026
Italy begins blocking suspected Russian cyberattacks on Olympics infrastructure
Italian officials said they started thwarting cyberattacks assessed as originating from Russia that targeted foreign ministry offices, including the office in Washington, as well as Olympics-related infrastructure such as hotels in Cortina. The Milano Cortina Winter Olympics were described as a primary target of the activity.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Related Entities
Organizations
Sources
Related Stories
Italy Reports Russia-Origin Cyberattacks Targeting Milano Cortina Winter Olympics
Italian Foreign Minister **Antonio Tajani** said Italy has already blocked a series of cyberattacks he described as being “of Russian origin” that targeted both **Italian Foreign Ministry** systems and infrastructure linked to the **Milano Cortina Winter Olympics**, including **hotels in Cortina**. He cited attacks affecting foreign ministry sites beginning with an office in **Washington, D.C.**, but did not provide technical details on the intrusion methods, impact, or whether the activity was state-directed versus aligned **pro-Russia hacktivists**. Italian media reporting indicated local authorities had prepared in advance for elevated cyber risk around the Games, including a dedicated team working with Olympic organizers’ experts to defend the event environment. The reporting also echoed broader warnings from European partners (including the UK) not to underestimate pro-Russia-aligned actors and noted Russia’s history of targeting major international sporting events, though no specific attribution beyond Tajani’s “Russian origin” characterization was provided in these accounts.
3 weeks ago
Threat Intelligence on Elevated Cyber Risk Around Major Events and Regional Targeting Trends
Reporting highlighted elevated cyber risk around the upcoming **Milano Cortina Winter Games**, with threat researchers warning that high-visibility events attract a broad mix of adversaries including **hacktivists**, **cybercriminals**, and **state-linked espionage actors**. Expected activity includes disruption of Wi-Fi and event digital infrastructure, **DDoS**, and **ransomware/extortion**, alongside intelligence collection targeting high-profile attendees (politicians, executives, celebrities) and event-adjacent **critical infrastructure** such as utilities, transit, ticketing, and point-of-sale systems. Separate threat reporting indicated a shift in **Oceania (Australia/New Zealand/South Pacific)** where 2025 activity disproportionately impacted “Main Street” sectors—especially **retail**, **construction**, and **professional services**—rather than traditionally prioritized critical sectors. The reporting attributed part of this trend to the growing market for **sold network access** (initial access brokerage), citing dozens of tracked access sales affecting Australian and New Zealand organizations, with retail the most frequently impacted; this is distinct from an industry-focused blog post ranking Chinese cybersecurity firms, which is not tied to a specific incident or threat campaign.
1 months ago
Geopolitically Driven Cyber Activity and Hybrid Operations Escalate Across Europe and Major Events
Multiple reports describe an uptick in **state-linked and politically motivated cyber activity** in Europe, framed as part of broader **hybrid warfare**. Dutch intelligence (AIVD/MIVD) warned that Russia is intensifying a mix of cyberattacks, sabotage, disinformation, covert influence, and espionage designed to stay below the threshold of open conflict while testing Western red lines and undermining support for Ukraine. Related policy commentary notes growing calls from European and NATO officials for stronger “strike back” or offensive cyber capacity, but argues that political will and proportional response options—especially against proxy-driven sabotage—remain the limiting factors rather than technical capability. Separately, threat reporting tied to the **2026 Winter Olympics** indicates increased **hacktivist mobilization and targeting chatter** against Olympic-adjacent entities (e.g., transportation, sponsors, and overlapping supply chains), alongside continued targeting of the defense industrial base by a mix of hacktivists, state actors, and cybercriminals. A case study on Venezuela’s Caracas outage during “Operation Absolute Resolve” cautions against attributing major disruptions to “cyber-only” effects when available evidence also indicates substantial **kinetic/physical damage** to substations, underscoring that modern operations may integrate cyber and physical actions and that misframing can distort infrastructure security priorities.
3 days ago