A few days before the opening ceremony of the XXV Winter Olympic Games in Milan and Cortina d’Ampezzo, Italian authorities announced the thwarting of a series of cyberattacks targeting Olympic venues and Italian government websites. Italian Foreign Minister Antonio Tajani publicly announced this, stating that the attacks had a “Russian connection” and were neutralized without serious consequences for the Olympic infrastructure or government agencies.
Confirming Mr. Tajani’s claims, a group known as NoName057(16), a pro-Russian hacker group, claimed responsibility for the attacks. They used DDoS attacks (overloading websites with “junk” traffic) to claim their actions were politically motivated, claiming that the Italian government, which supports Ukraine, was “punished by our DDoS missiles.”
It’s important to emphasize that NoName057(16) is not an official unit of the Russian intelligence services and positions itself as an “ideological” group, allegedly acting on its own initiative. However, according to cybersecurity experts and EU law enforcement agencies, its activities regularly coincide with Moscow’s foreign policy interests and key international events sensitive to Russia. For this reason, NoName057(16) is often viewed as a non-state, yet politically motivated, actor, embedded in the broader context of hybrid warfare.
The group became active in the spring of 2022, amid Russia’s full-scale invasion of Ukraine, and almost immediately began a series of DDoS attacks on Ukrainian news portals and government websites, explaining its actions as a “response to anti-Russian information policy.”
That same year, the geography of the attacks expanded. They targeted websites of government agencies and infrastructure operators in Estonia, Latvia, and Lithuania—countries that consistently supported Ukraine and increased sanctions pressure on Russia. Characteristically, many attacks coincided with visits by Ukrainian officials or announcements by the authorities of these countries regarding military aid to Kyiv.
In January 2023, NoName057(16) disrupted services across the entire financial sector in Denmark. The denial-of-service attack paralyzed the operations of several Danish banks, including Jyske Bank and Sydbank. Experts believe the attack was aimed less at causing economic damage than at creating a sense of vulnerability and exerting information pressure on society.
NoName057(16) activity was subsequently recorded in Finland, Denmark, and the Czech Republic. In Finland, the attacks occurred during the country’s NATO accession debate, while in the Czech Republic, the Prague transport system website and other public portals were attacked, with the attacks peaking around the presidential election and the new government’s anti-Russian statements.
In 2024, the group claimed involvement in attacks on French government and municipal websites, as well as on infrastructure related to preparations for the Paris Olympic Games. On Christmas Eve 2025, Noname057(16) carried out a cyberattack that disrupted the French national postal service.
NoName057(16) also made its presence known in Canada. In December 2024, the group claimed responsibility for over 40 cyberattacks targeting Canadian organizations in the telecommunications, transportation, government, and financial sectors. This occurred shortly after Ottawa announced expanded military aid to Ukraine.
In each of these cases, NoName057(16) systematically selected targets in countries whose political positions conflict with Russia’s interests, accompanying the attacks with public statements on Telegram channels.
Organizationally, the group operates through a network of volunteers coordinated online and uses tools like DDoSia, which allows for the mass recruitment of supporters for “overload” attacks, making it difficult to directly identify the participants.
Nevertheless, in July 2025, an international operation involving intelligence agencies from 12 countries was launched against the group. Over a hundred servers worldwide were dismantled, two arrests were made in France and Spain, and seven arrest warrants were issued, including six for Russian citizens. Despite this, the group continued its activities.
The group’s cyberintrusions in Italy focused on the websites of the Italian Ministry of Foreign Affairs, including its Washington office, and websites related to Winter Olympics venues, including the websites of hotels in Cortina d’Ampezzo where athletes and official delegations were staying.
Hackers attempted to disable internet services and make them unavailable by using DDoS attacks to overload servers. Italian authorities perceived these attempted digital attacks as a serious threat to national security. Cybersecurity specialists managed to mitigate the threat, and major disruptions to websites and infrastructure were avoided thanks to the joint efforts of national security services, the cybersecurity operations center, and private IT security partners. Minister Tajani emphasized that the attacks were repelled and critical services were not disrupted.
In their “traditional” reports, representatives of NoName057(16) directly link the cyberattacks to Italy’s political stance on Ukraine and its support during the war with Russia. Once again, the group has confirmed that they view the attacks not as profit-driven crimes, but as “ideological” ones, part of an information war aimed at demonstrating influence and pressure.
As for the International Olympic Committee (IOC), representatives of the organization refrained from making specific assessments or comments, stating that security issues are closed to public discussion.
It will be important to consider the events of 2026 in the context of previous Olympics, where cybersecurity threats have already become a reality.
One of the most notorious attacks occurred before the opening of the 2018 Winter Games in South Korea. The Olympic Destroyer virus disabled internet services, Wi-Fi, and the ticket printing system, ultimately causing significant disruptions to the organizing committee’s networks. Experts linked the attack to hacker groups likely linked to Russia, as well as the use of false flags.
During the 2016 Summer Olympics in Brazil, DDoS attacks were recorded on the official websites of the Games and major organizations, and the Russian group Fancy Bear (APT28), linked to Russian military intelligence (GRU), conducted a phishing campaign that resulted in the theft and publication of confidential athlete data.
During the 2024 Olympics in France, French cybersecurity authorities registered dozens, and by some estimates, hundreds, of attempted attacks, including DDoS, phishing, and attempts to disrupt network services. Russian groups, including APT28, were also caught targeting French government agencies and organizations involved in the Games’ preparations.
The attempted cyberattack ahead of the 2026 Olympics is not an isolated incident. History shows that major international sporting events are also becoming “arenas” for digital confrontations in cyberspace. The Olympic Games, traditionally intended to symbolize peace and unification, are nonetheless becoming a platform for digital attacks that reflect real-world conflicts.