The Milan-Cortina 2026 Olympic and Paralympic Games: an unprecedented test of cyber resilience


The Milan-Cortina 2026 Olympic and Paralympic Games were a paradigmatic and unprecedented global event due to certain distinctive characteristics, such as the fragmented geographical distribution of the competitions and the potential exposure to a whole range of conflicting interests, stemming from a geopolitical context that is highly unstable on various fronts.


Risk factors and scenarios

The event served as a unique test case for the security of IT and telecoms infrastructure and proved to be a highly significant experience for the sector, for at least two key reasons: first, the exposure of complex critical infrastructure (IT/OT) to breaches that could have had destructive consequences; second, the management of considerable amounts of sensitive information through an integrated network of legacy systems and new cloud-native platforms.

Furthermore, the Games lent themselves to being used as a sounding board for InfoOps and PsyOps, and also as bait for opportunistic cybercrime campaigns. The increasingly extensive exploitation of new AI-based technologies by cybercriminals further complicated risk forecasting.

The predictive analyses released shortly before the opening ceremony raised concerns about potential sabotage attempts – both state-sponsored and hacktivist – modelled on those seen at similar events, such as the disruption of Wi-Fi and other digital infrastructure during the 2018 Pyeongchang Games. In addition, peaks in DDoS offensives were expected, similar to those recorded during Paris 2024. Finally, preparations were made to manage large-scale InfoOps aimed at destabilising the information landscape. At the same time, analysts anticipated a significant increase in BEC/CEO fraud and social engineering campaigns, supported by deepfake content, designed to capitalise on themes related to the Olympics.

Among the entities potentially at risk were government institutions, large private groups involved in the organisational structure of the Games, the physical infrastructure where all activities directly and indirectly related to the competitions took place, the media, the financial and management networks, the logistics, the hospitality sector, and the emergency and healthcare networks. Furthermore, potential targets could have included all participants, sports teams, individual athletes, VIPs, spectators and staff.

The risk scenarios evidently covered every level of impact. By way of example – without invoking disastrous outcomes, such as a power cut or the disruption of logistics – it would have been sufficient for a threat actor to gain access to the competition scoring system to inflict serious operational damage, with significant legal and reputational consequences.


Resilience and overall protection

In this context, key factors for the resilience and overall protection of the event were the ability to integrate physical and cyber security against hybrid threats and efficient coordination between institutions, organizers and private stakeholders.

In January 2025, the framework protocol for the Games’ cybersecurity was signed. The agreement, signed by the Director General of the National Cybersecurity Agency (ACN), Bruno Frattasi, and the President of CONI and the Milano Cortina 2026 Foundation, Giovanni Malagò, defined the terms of the collaboration for the protection of IT infrastructure during the event. At the end of November, the Foundation signed an agreement with the Department of Public Security of the Italian Ministry of the Interior. This agreement involved the National Cybercrime Centre for the Protection of Critical Infrastructure (CNAIPIC), the Lombardy Cyber Security Operations Centre and those of the Postal Police in Veneto and Trentino-Alto Adige, which were tasked with developing protection strategies and procedures, as well as response protocols in the event of cyber attacks. These activities were supported by a 24-hour operations room and a data and information-sharing platform.


Malicious activities by pro-Russian adversaries

Among the malicious activities actually detected, pro-Russian DDoS campaigns claimed by groups such as the hacktivist collective NoName057(16) stand out. Specifically, this adversary claimed responsibility for attacks against the Olympic Committees of Spain, Lithuania, Poland, Austria and Finland. In Italy, it targeted accommodation facilities for the Games, whilst in other countries it also struck organisations that had no specific connection to them. At the same time, the group continued to use techniques to amplify media coverage of its actions, such as publishing the ‘They write about us’ column, which featured articles and informational content.

Among other explicit incidents, the BD Anonymous collective, believed to be of South Asian/Bengali origin, claimed responsibility for the DDoS attack against the Polish Olympic Committee. The message conveyed on that occasion aimed to draw attention to the Palestinian issue.

Among the main InfoOps monitored by analysts, those of Russian origin – in particular Matryoshka and Portal Kombat – disseminated false and defamatory articles, primarily concerning Ukraine, managing to generate considerable media coverage.


A positive outcome

According to the Director General of the ACN, the outcome of the event is positive. Bruno Frattasi stated that the more than one hundred attacks detected, particularly at the start of the Games, were all successfully dealt with, without any consequences, because the ability to respond at the border was very effective.


TS-Intelligence


The information reported is the result of the collection and analysis work carried out by the specialists of Telsy’s Threat Intelligence & Response team with the support of the TS-Intelligence platform, a proprietary, flexible, and customizable solution that provides organizations with a detailed risk landscape.

It is available as a web-based and full-API platform, designed to be integrated into the organization’s systems and defensive infrastructures, with the goal of enhancing protection against complex cyber threats.

The platform’s continuous research and analysis on threat actors and emerging online threats—whether APTs or cybercrime—produces a constant stream of exclusive intelligence, delivered in real time and structured into technical, strategic, and executive reports.
