The Olympics have traditionally been a major attack vector for cyber disruption, espionage, and financially motivated attacks.
The 2018 Winter Olympic Games in PyeongChang saw the Olympic Destroyer malware used to disrupt Wi-Fi, ticket, and venue systems during the opening ceremony of the games. During the Paris 2024 event, there was an increase in scanning, DDoS, and other attempts targeting Olympic-related systems.
The Milan-Cortina 2026 event kicks off today, promising to be the most geographically distributed Winter Olympics on record. This will see the attack surface expand even further, spanning multiple cities, suppliers, digital platforms, and temporary networks.
Security leaders warn that this creates new opportunities for nation-state actors, ransomware groups, hacktivists, and bad actors targeting everything from core infrastructure to ticketing systems and unsuspecting spectators.
A High-Risk Cybersecurity Environment
According to Daniela Giannini, Senior Security Engineer at Black Duck: “The Olympic Games represent a uniquely high-risk cybersecurity environment because they attract massive global attention, rely on critical infrastructure, involve high-profile individuals, and operate through extremely complex and interconnected digital ecosystems such as ticketing systems, broadcasting platforms, transportation networks, scoring systems, and mobile applications, all of which create a broad and appealing attack surface for cyber adversaries.”
She says the Olympic Destroyer attack was a state-linked cyber sabotage operation during the PyeongChang 2018 Winter Olympics, in which attackers used sophisticated phishing, lateral movement, and destructive malware to cripple Olympic networks.
“Politically or ideologically driven groups view the Games as a stage where a single, well-timed DDoS attack or damaging data leak can disrupt official services, undermine public trust, and embarrass host nations. State-sponsored attackers operate quietly and with long-term intent, infiltrating networks months in advance to steal sensitive information or sabotage logistics. For organised cybercriminals, ransomware is a powerful tool: compromising just one critical component, such as ticketing or accreditation, can halt the seamless operation of the Games.”
Expect Scams
Muhummad Yahya Patel, Cybersecurity Advisor at Huntress, add that there is a high risk of cyber disruption when it comes to major international sports such as the Winter Olympics.
“The visibility of this event is likely to attract a wide range of threat actors with different motivations from opportunistic organized cybercriminals to nation-state actors and hacktivist groups. Human identity and credentials will be a major target for these criminals, who will impersonate ticketing and hotel booking sites and run phishing campaigns. Attendees should ensure they maintain good device hygiene, enable multi-factor authentication on all their accounts, and keep the device OS and apps up to date.”
Patel advises remaining vigilant for emails and messages related to the event and expecting scams. For organisers, it’s important to have layered defences to protect the infrastructure, Security Operations Centre (SOC) experts monitoring the infrastructure at all times, a ransomware strategy in place, and an incident response plan, tested and executed.”
A Supply Chain Problem
“During the PyeongChang 2018 opening ceremony, the Olympic Destroyer malware executed,” adds Gary Fagan, CPO at Cytidel. “Wi-Fi went down. Thousands of internet-connected TVs across the stadium and 12 other Olympic facilities went black. All RFID security gates in Olympic buildings stopped working. The official app broke, taking digital ticketing with it.”
He says the attackers didn’t directly breach Olympic systems. They got in through Atos, the IT service provider hosting the Olympic cloud infrastructure.
“This is a supply chain problem that every organization faces. Milan-Cortina 2026 will be the most geographically distributed Winter Olympics ever held, with events spread across Lombardy, Cortina, and Val di Fiemme. More venues mean more suppliers, more temporary networks, more organisations whose threat profile just changed.”
Paris 2024 saw 141 incidents that ANSSI responded to, Patel says. “Of those, 22 involved attackers successfully breaching systems. None disrupted the Games. That’s three years of preparation, coordination across government and private sector, and a dedicated team of 630 cybersecurity specialists.”
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.