As the Milano Cortina 2026 Winter Olympics approach, cybersecurity researchers and industry experts warn that the Games will once again serve as a high-value convergence point for cybercrime, espionage, and politically motivated disruption. According to Palo Alto Networks' Unit 42, nation-state actors, cybercriminal groups, and hacktivists are expected to target Olympic-related infrastructure not only for short-term impact but also for long-term access, intelligence collection, and global visibility.[1]
History suggests these concerns are well-founded. During the PyeongChang 2018 Games, attackers disrupted Wi-Fi and digital infrastructure. Ahead of the Tokyo 2020 Games, Russian-linked threat actors attempted to sabotage pre-Games operations. During the Paris 2024 Olympics, researchers observed a spike in DDoS attacks, Olympics-themed phishing campaigns, and scam traffic, underscoring how quickly threat activity escalates during global events. With more than 3 billion people expected to watch the Milano Cortina Games, Unit 42 notes that not only Olympic organizers but also venues, vendors, service providers, and local suppliers become part of an expanded, highly complex attack surface.
The report identifies three primary incentives driving cyber activity around the Games.
- Financial gain - Ransomware, fraud, ticket scams, and payment-related attacks targeting fans, vendors, and partners
- Intelligence collection - Espionage campaigns aimed at diplomats, government officials, executives, and other high-value attendees
- Public disruption and influence - Hacktivist activity designed to generate attention, spread political messaging, or undermine confidence in the event itself
While tactics often overlap, Unit 42 emphasizes that nation-state actors tend to operate quietly and patiently, remaining embedded in environments for months or even years, collecting intelligence while avoiding detection.
Across all threat categories, phishing remains the most common entry point, often involving spoofed websites, emails with weaponized attachments, or impersonation of trusted partners. Once inside, attackers rely on custom tooling for command-and-control, tunneling, and persistence, rather than on noisy malware, thereby enabling them to blend into routine operations.
This focus on abusing trust rather than exploiting zero-days is echoed by industry experts. "The biggest risks to large events like the Olympics don't come from new exploits," said Randolph Barr, CISO at Cequence Security. "They originate from people misusing legitimate apps, identities, and corporate processes." Barr notes that during major events, access privileges are often temporarily elevated, APIs are heavily exercised, and security teams are under pressure to prioritize availability. This creates ideal conditions for attackers to abuse trusted access, scrape data, commit fraud, and remain embedded for long periods without triggering traditional security alerts. He also cites real-world examples in which AI-generated deepfakes and impersonation scams have resulted in losses totaling tens of millions of dollars, attacks that become even more convincing in the high-pressure, fast-moving environment of a global sporting event.
Scams target fans and employees alike. From the fan perspective, phishing and scams remain a dominant threat. "Events like the Olympics are a favorable time for cybercriminals," said Darren Guccione, CEO and Co-Founder of Keeper Security. He warns that attackers will impersonate Olympic officials, sponsors, athletes, and even friends or family members to steal credentials, payment information, or money. Guccione advises fans and organizations alike to be cautious of unsolicited messages, fraudulent ticket offers, fraudulent contests, and malicious links purporting to be event updates. Strong password hygiene, eliminating reused credentials, and using enterprise password managers are critical to reducing exposure.
Mobile threats are another major concern highlighted by experts. "The Winter Olympics creates a great opportunity for mobile-targeted cyber threats," said Krishna Vishnubhotla, VP of Product Strategy at Zimperium. Fake betting apps, malicious streaming links, and fraudulent login pages often bypass traditional security controls, especially as employees stream events and engage on mobile devices. Vishnubhotla stresses the importance of mobile-first security strategies, including on-device detection that identifies threats in real time even when users are off corporate networks.
Despite the sophistication of modern attacks, some guidance remains timeless. "If it sounds too good to be true, it probably is," said Trey Ford, Chief Strategy and Trust Officer at Bugcrowd. Ford cautions against purchasing tickets or merchandise from unverified sources, installing apps from ads or unofficial links, or conducting personal transactions on work accounts, habits that attackers routinely exploit during major events.
The Unit 42 report makes one point clear: the greatest risks to the Milano Cortina 2026 Olympics stem from trust, complexity, and scale. Attackers are not just targeting infrastructure; they are targeting people, identities, applications, and workflows. For organizations involved in the Games, defending against these threats will require more than perimeter security. It requires visibility into how systems are used, the ability to detect subtle abuses, and controls designed to protect trust itself.
This article is shared at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC). For questions, comments, or assistance, please contact the office directly at 1-844-492-7225 or feedback@redskyalliance.com
- Reporting: https://www.redskyalliance.org/
- Website: https://www.redskyalliance.com/
- LinkedIn: https://www.linkedin.com/company/64265941
[1] https://www.secureworld.io/industry-news/cyber-threats-milano-cortina-2026-winter-olympics