With the Milano Cortina Winter Olympics set to kick off on February 6, security experts are warning of an upcoming spate of cyber attacks and scams.
Cyber criminals and nation-state hackers, said Palo Alto Networks, will pounce on the opportunity to disrupt the games, steal data, or make a political statement.
Likely attackers, it said, include groups like Muddled Libra, Insidious Taurus and Salt Typhoon, using social engineering attacks, DDoS attacks, API vulnerabilities and more.
“The sheer volume of people, systems, money, and data surrounding the Milano-Cortina 2026 Winter Games create a target-rich environment for attackers. Cyber criminals may cast a wide net with their scams and phishing campaigns. Like a futbol striker, making one out of a thousand attempts can make the difference,” the researchers said.
“Celebrities, politicians, and business leaders will likely be in attendance. Well-resourced nation-state actors may take advantage of this rare opportunity for close access and mount sophisticated attacks to compromise and surveil these VIPs and/or their staff. The stakes are high, in terms of strategic intelligence and impact.”
Critical infrastructure has long been a prime target for ransomware gangs, and the Olympics could see attacks against power or water services, transit systems like buses, trains, and light rail, or ticketing systems and point of sale terminals.
And there’s a strong chance that politically motivated groups will attempt to make their point by hijacking, disrupting or defacing digital infrastructure.
Nation-state groups could target diplomats, NGOs, think tanks and others to collect strategic intelligence or spread their own narrative. Just this happened, indeed, during the 2024 Olympics, when the Russia-backed espionage group Fighting Ursa – also known as APT28 or Fancy Bear – attempted to counter Olympic anti-doping investigations.
Meanwhile, there’s likely to be a rash of scams and phishing campaigns against attendees, using fake websites, bogus QR codes, fraudulent apps and other tools. The U.S. Federal Trade Commission has warned fans planning to travel to Italy for the games to be on their guard against fake ticket resellers or fake vacation rental ads.
During the 2024 Paris Olympics, authorities reported more than 140 cyber incidents, including a threat from a pro-Russian group to attack sewage treatment plants, aiming to pollute the Seine during the games.
Microsoft identified a number of campaigns against France, president Emmanuel Macron, the International Olympics Committee and the Paris Games themselves. The campaign appeared to be aimed at damaging the reputation of the IOC and spreading fear of violence breaking out to try and put people off attending.
At the same time, researchers at security firm Kaspersky spotted numerous scam websites offering tickets for Olympic competitions at “exclusive” prices, or claiming to have seats for sold-out events. One, identified by security firm Proofpoint, was listed as the second sponsored search result on Google—after only the official website—when searching for “Paris 2024 tickets.”
Organizations, said the Palo Alto researchers, should move quickly to tighten up their defenses to make sure they don’t fall victim this time round.
“For athletes and defenders alike, winners will be determined by preparation and strategy,” they said.
“Organizations participating in the Milano-Cortina 2026 Winter Games must understand where they fit in the event’s ecosystem and coordinate defenses together.”
