Milan and Cortina d’Ampezzo, Italy – As the opening of the 2026 Winter Olympics approached, Italian authorities confirmed they had successfully thwarted a series of cyberattacks originating from Russia. The attacks targeted government infrastructure, websites associated with the Games, and hotels in the host cities, raising concerns about escalating digital hostilities amid ongoing geopolitical tensions.
Foreign Minister Antonio Tajani announced on , that the attacks had been neutralized. While details remain limited, the incidents underscore a growing pattern of Russian-linked cyber activity directed against European nations, extending beyond the immediate context of the conflict in Ukraine. The attacks were described as a coordinated wave, suggesting a deliberate and sophisticated campaign.
The targeted entities included offices of the Italian foreign ministry, including one in Washington D.C., according to Tajani’s statement. The focus on Olympic-related sites – including official websites and hospitality infrastructure – points to a potential intent to disrupt the Games and undermine Italy’s international standing.
This isn’t the first instance of cyberattacks targeting the Olympics. Russia was previously linked to disruptive cyber activity during the Winter Games in Pyeongchang, South Korea, and the Summer Games in Paris. The repeated targeting of major international events highlights the potential for cyberattacks to be used as a tool for political signaling and disruption.
According to cybersecurity firm Dragos, the attacks in December specifically targeted combined heat and power plants, as well as systems controlling the distribution of energy from renewable sources – wind and solar – in Poland. With approximately 29 percent of Poland’s energy derived from renewables, the attacks represented a significant threat to the country’s energy infrastructure.
The attackers reportedly gained control of operational technology, the interface between computer networks and physical systems, causing damage to some equipment. While the attack was ultimately contained before causing widespread power outages affecting nearly half a million people, it served as a stark warning of the vulnerability of critical infrastructure.
Initial assessments pointed to the involvement of Sandworm, a unit of the GRU (Russia’s military intelligence agency), known for previous cyberattacks. However, recent indications suggest the attacks may have been carried out by hackers associated with the FSB (Russia’s Federal Security Service), sometimes referred to in cybersecurity circles as “Berserk Bear.”
John Hultquist, Chief Analyst at Google’s Threat Intelligence Group, noted a shift in the FSB’s approach. Historically, the FSB’s cyber operations have been characterized by stealth and espionage. The recent attacks, however, demonstrate a willingness to cause disruption, a departure from past practices. “They have never shown an intent to cause disruption – they just waited for the order,” Hultquist said. “This is the first time in twelve years that they have acted like this.”
The change in tactics raises concerns about the potential for further attacks on critical infrastructure across Europe. Hultquist warned that “Berserk Bear” may have established access to systems that remain undetected, posing a long-term threat. The group is known for its ability to disappear and reappear with updated capabilities, making it difficult to track and counter.
The timing of these attacks is also significant. Analysts suggest Russian President Vladimir Putin may be seeking to exploit perceived divisions between the United States and Europe, particularly regarding issues like the Arctic, and to capitalize on the period before the U.S. Presidential election, which could potentially result in a change in administration and a shift in U.S. Policy towards Russia.
Beyond cyberattacks, European authorities are also investigating instances of physical sabotage. German police recently arrested two men, a Romanian and a Greek national, suspected of sabotaging warships in Hamburg last year, damaging water lines and engines. While the connection to Russia remains unconfirmed, the incidents contribute to a broader pattern of destabilizing activity.
Italy’s successful defense against the cyberattacks targeting the Winter Olympics underscores the importance of robust cybersecurity measures and international cooperation in protecting critical infrastructure. The incident serves as a reminder of the evolving threat landscape and the need for vigilance in the face of persistent cyber aggression.
