Ahead of the Winter Olympics in February, Italian security services “foiled a series of cyberattacks” of “Russian origin,” targeting Foreign Ministry offices, including the embassy in Washington, as well as Olympic-related infrastructure such as hotels in Cortina (Reuters, 2026).
Major sporting events have long been attractive targets for state-linked cyber operations. The most consequential example remains the 2018 Winter Olympics in Pyeongchang. On the night of the opening ceremony, malware later referred to as the “Olympic Destroyer” disabled Wi-Fi networks, disrupted the official website, and temporarily crippled ticketing systems (US Justice Department, 2020). Forensic investigations by cybersecurity firms and Western governments attributed the attack to Russia’s GRU military intelligence service. British intelligence services have previously warned of attempted targeting around the Tokyo Games in 2021.
Russia’s strained relationship with the Olympic movement, further strained by doping bans and, more recently, its war in Ukraine, has sharpened that dynamic. Moscow was formally excluded from this year’s Games, although 13 Russian and seven Belarusian athletes competed as neutrals among roughly 3,500 global participants.
Italian officials didn’t immediately disclose technical details, but the scope of the reported targeting suggested a coordinated campaign rather than isolated phishing attempts. Embassy systems are attractive entry points. They carry diplomatic communications, visa processing data, and sensitive coordination with host governments. Olympic hotels and event infrastructure represent soft targets with high symbolic value. Disrupting bookings, credential systems, or internal communications would generate immediate operational stress.
Cyber operations in this context often follow a familiar structure:
Foiling the attacks suggests Italian cybersecurity teams detected anomalies early, likely through network monitoring, threat intelligence sharing, and segmentation of critical systems.
Russian cyber strategy frequently operates within a hybrid framework that blends technical intrusion with narrative positioning. Even unsuccessful attacks can serve strategic ends if they reinforce perceptions of vulnerability or fuel political tension. Italy’s rapid attribution of “Russian origin” to actors reflects confidence in technical indicators and intelligence sharing. Public acknowledgement also signals deterrence. It frames the attempted intrusions as geopolitical rather than criminal.
Still, Italy’s reported interception suggests lessons have been internalized across Europe. Real-time intelligence sharing, segmented network architecture, and constant monitoring are now standard components of Olympic planning.
The competitions in Milan and Cortina played out on ice and snow. Yet the more consequential contest, over resilience, deterrence, and digital sovereignty, continued across secure networks and operations rooms.