As the Milano Cortina 2026 Winter Olympics approach, cybersecurity researchers and industry experts are warning that the Games will once again serve as a high-value convergence point for cybercrime, espionage, and politically motivated disruption.
According to Palo Alto Networks' Unit 42, nation-state actors, cybercriminal groups, and hacktivists are all expected to target Olympic-related infrastructure—not just for short-term impact, but for long-term access, intelligence collection, and global visibility.
History suggests these concerns are well-founded. During the PyeongChang 2018 Games, attackers disrupted Wi-Fi and digital infrastructure. Ahead of the Tokyo 2020 Games, Russian-linked threat actors attempted to sabotage pre-Games operations. During the Paris 2024 Olympics, researchers observed a spike in DDoS attacks, Olympics-themed phishing campaigns, and scam traffic, underscoring how quickly threat activity escalates during global events.
With more than 3 billion people expected to watch the Milano Cortina Games, Unit 42 notes that not only Olympic organizers but also venues, vendors, service providers, and local suppliers become part of an expanded, highly complex attack surface.
The report identifies three primary incentives driving cyber activity around the Games.
Financial gain - Ransomware, fraud, ticket scams, and payment-related attacks targeting fans, vendors, and partners
Intelligence collection - Espionage campaigns aimed at diplomats, government officials, executives, and other high-value attendees
Public disruption and influence - Hacktivist activity designed to generate attention, spread political messaging, or undermine confidence in the event itself
While tactics often overlap, Unit 42 emphasizes that nation-state actors tend to operate quietly and patiently, remaining embedded in environments for months or even years, collecting intelligence while avoiding detection.
Across all threat categories, phishing remains the most common entry point, often involving spoofed websites, emails with weaponized attachments, or impersonation of trusted partners. Once inside, attackers rely on custom tooling for command-and-control, tunneling, and persistence, rather than noisy malware, enabling them to blend into regular operation.
This focus on abusing trust—rather than exploiting zero-days—is echoed by industry experts.
"The biggest risks to large events like the Olympics don't come from new exploits," said Randolph Barr, CISO at Cequence Security. "They originate from people misusing legitimate apps, identities, and corporate processes."
Barr notes that during major events, access privileges are often temporarily elevated, APIs are heavily exercised, and security teams are under pressure to prioritize availability. This creates ideal conditions for attackers to abuse trusted access, scrape data, commit fraud, and remain embedded for long periods without triggering traditional security alerts.
He also points to real-world examples where AI-generated deepfakes and impersonation scams have already resulted in losses reaching tens of millions of dollars—attacks that become even more convincing in the high-pressure, fast-moving environment of a global sporting event.
From the fan perspective, phishing and scams remain a dominant threat.
"Events like the Olympics are a favorable time for cybercriminals," said Darren Guccione, CEO and Co-Founder of Keeper Security. He warns that attackers will impersonate Olympic officials, sponsors, athletes, and even friends or family members to steal credentials, payment information, or money.
Guccione advises fans and organizations alike to be cautious of unsolicited messages, fake ticket offers, fraudulent contests, and malicious links posing as event updates. Strong password hygiene, eliminating reused credentials, and using enterprise password managers are critical to reducing exposure.
Mobile threats are another major concern highlighted by experts.
"The Winter Olympics creates a great opportunity for mobile-targeted cyber threats," said Krishna Vishnubhotla, VP of Product Strategy at Zimperium. Fake betting apps, malicious streaming links, and fraudulent login pages often bypass traditional security controls, especially as employees stream events and engage on mobile devices.
Vishnubhotla stresses the importance of mobile-first security strategies, including on-device detection that identifies threats in real time—even when users are off corporate networks.
Despite the sophistication of modern attacks, some guidance remains timeless.
"If it sounds too good to be true, it probably is," said Trey Ford, Chief Strategy and Trust Officer at Bugcrowd.
Ford cautions against purchasing tickets or merchandise from unverified sources, installing apps from ads or unofficial links, or conducting personal transactions on work accounts—habits that attackers routinely exploit during major events.
The Unit 42 report makes one point clear: the greatest risks to the Milano Cortina 2026 Olympics stem from trust, complexity, and scale.
Attackers are not just targeting infrastructure; they are targeting people, identities, applications, and workflows. For organizations involved in the Games, defending against these threats will require more than perimeter security. It demands visibility into how systems are actually being used, the ability to detect subtle abuse, and controls designed to protect trust itself.
Follow SecureWorld News for more stories related to cybersecurity.