Italy blames Russia-linked hackers for cyberattacks ahead of Winter Olympics

Italy thwarted a series of cyberattacks of “Russian origin” targeting diplomatic missions abroad and sites linked to the upcoming Winter Olympics, Foreign Minister Antonio Tajani said Wednesday.

The attempted attacks hit multiple foreign ministry offices “starting with Washington,” according to Tajani, as well as facilities connected to the 2026 Winter Games, including hotels in the Alpine resort of Cortina d’Ampezzo. He did not disclose technical details of the incidents.

France 24, citing the foreign minister’s office, reported that roughly 120 targets were affected, including consulates in Sydney, Toronto and Paris, as well as hotels where winter sports athletes are staying. The attacks did not cause significant disruption, the broadcaster reported.

The pro-Russian hacker group NoName057(16) claimed responsibility, describing the campaign as retaliation for Italy’s support for Ukraine. “The Italian government’s pro-Ukrainian policy means that support for Ukrainian terrorists is punished with our DDoS attacks,” the group said on Telegram.

NoName057(16), which emerged shortly after Russia’s full-scale invasion of Ukraine in 2022, has focused largely on European countries backing Kyiv, including Poland, Czechia, Lithuania and Italy. The group relies on relatively simple but disruptive distributed denial-of-service (DDoS) attacks, mobilizing hundreds of volunteers and a loose network of servers.

The 2026 Winter Olympics are scheduled to take place from Feb. 6 to Feb. 22, 2026, in Milan and the nearby Cortina d’Ampezzo region.

Russia has been barred from competing as a nation in the 2026 Games over its war in Ukraine, though a limited number of Russian and Belarusian athletes — 13 and seven, respectively — have been cleared to compete as neutrals, without national flags or anthems.

Russia-linked hackers have previously targeted countries hosting major sporting events. During the 2018 Winter Olympics in Pyeongchang, the Russian state-sponsored hacking group Sandworm, also known as APT44, disrupted the Games’ IT infrastructure using so-called Olympic Destroyer malware in a false-flag operation designed to implicate North Korean and Chinese actors.

Russia was barred from competing under its national flag at the 2018 Winter Olympics after investigators uncovered a state-run doping program. In a separate incident, another Kremlin-backed hacking group, Fancy Bear, breached the World Anti-Doping Agency in 2016, leaking athletes’ medical data in an apparent attempt to undermine regulators probing the Russian doping scandal.

During the 2024 Summer Olympics, French authorities and researchers reported an increase in cyber and disinformation activity that they said originated from Russia.

Russian state officials have not publicly commented on Italy’s latest allegations.