Understanding the Russian Cyber Threat to the 2026 Winter Olympics

The 2026 Winter Games in Milano Cortina extend beyond sport. Tensions between the Russian Federation and the International Olympic Committee (IOC), stemming from disputes over compliance and governance, lie within a broader geopolitical context. In this environment, the Games may face increased cyber risk, as major international events increasingly intersect with geopolitical competition. The exclusion of Russia from a global stage of historic national importance removes a critical geopolitical guardrail protecting the 2026 Winter Olympic Games.

From Olympic Sanctions to Political Exclusion

Russia’s current isolation from the Olympic movement is driven less by earlier doping-related disputes than by the geopolitical consequences of its 2022 invasion of Ukraine. While past sanctions reflected regulatory enforcement, measures imposed since 2023 sit within a broader political and security context.

Russia’s indefinite suspension followed the invasion of Ukraine just days after the Beijing 2022 Winter Games, which the International Olympic Committee (IOC) condemned as a violation of the Olympic Truce. This was reinforced by Russia’s incorporation of regional sports councils in occupied Ukrainian territories — an action the IOC stated violated the territorial integrity of Ukraine’s National Olympic Committee.

This shift from regulatory sanctions to political exclusion helps explain the current dynamic. In this context, Russia increasingly appears to view the IOC not solely as a sports regulator, but as a political actor within a wider geopolitical framework — an interpretation that carries implications for the security environment surrounding major international events such as the 2026 Winter Games.

This distinction is critical for understanding how Russia perceives the IOC not as a regulatory body, but a political adversary acting in the political interest of Western nations. From the Kremlin’s perspective, the 2026 Winter Olympics ban isn't about charters or truces. It is a political attack on their state legitimacy. This is their primary venue for projecting “great power” status. When the IOC bans the flag, silences the anthem and forces competitors to compete as “Individual Neutral Athletes,” Moscow interprets it as an attempt to erase Russian identity from the global stage.

Russia’s Faltering Identity on the Global Stage

In 2007, Vladimir Putin personally led Russia's successful final presentation in English and French before the International Olympic Committee in Guatemala City. That resulted in Russia winning the right to host the 2014 Winter Olympic Games. That victory and the subsequent 2014 Sochi Winter Olympics were watershed moments for Russia, intended to highlight its resurgence on the global stage. It was meant to project an image of a capable, re-emerging global power with the logistical and political authority to deliver world-class events.

Dating back as far as the 1952 Helsinki Olympic Games, the Russian state (then the Soviet Union) viewed the Games as a diplomatic tool to illustrate the merits of Soviet institutions and communist ideology. Medal counts have long been a way of quantifying that dominance and legitimization, and the Soviet Union still holds the second highest overall medal count of all time. This philosophical strategy remains unchanged today.

Moving Up The Escalation Ladder

Already in 2014, Russia was having challenges with the IOC related to a sports doping scandal that culminated in a ban from the 2018 Winter Olympics in South Korea. Tracing the history of their retaliation against this ban and the additional perceived humiliation and exclusion related to the invasion of Ukraine, we see a clear escalating pattern.

Exposing Data “Everyone Is Doping” (2016 Rio Olympics)

The World Anti-Doping Agency (WADA) was breached in 2016 by the threat actor group Fighting Ursa (aka APT28, Fancy Bear, Strontium, Forest Blizzard). Fighting Ursa is attributed to Russia’s Main Intelligence Directorate (GRU). The group leaked athlete data to discredit the regulators who investigated Russia.

False Flag Tactics Targeting Key Entities (2018 Pyeongchang Olympics)

During the 2018 Winter Olympics in Pyeongchang, Razing Ursa (aka APT44, Sandworm, Iridium) targeted IT infrastructure with Olympic Destroyer malware [PDF]. Targeting broadcasters, officials and sponsors, the attackers employed sophisticated false-flag tactics to frame North Korean and Chinese actors. The operation also utilized VPNFilter to compromise devices across South Korea, causing widespread disruption.

Advanced Reconnaissance (2020 Tokyo Olympics)

Although the games were subsequently postponed due to the coronavirus pandemic, the UK Foreign, Commonwealth & Development Office claimed GRU was conducting cyber operations and reconnaissance in preparation for the games.

AI-Enabled Deception and Defaming (2024 Paris Olympics)

Ahead of the 2024 Paris Games, Russian-linked threat actors (Storm-1679 and Storm-1099) used AI-generated disinformation [PDF] for information operations, creating a fake Netflix documentary, narrated by a Tom Cruise voicealike, to manufacture safety threats and suppress attendance. Separately, the actor Storm-1679 produced deceptive videos over the past year, trying to deter spectators from attending the Games and to defame the IOC. The group did this by falsely suggesting that trusted sources confirm expected violence.

The Outlook: A Changed Strategic Calculus

Russia’s exclusion from medal competition at the 2026 Winter Games changes the strategic context surrounding Milan Cortina. With no national team participating, traditional deterrents tied to reputational or competitive consequences are reduced.

Russian officials' repeated public comments illustrate they no longer view the IOC as a neutral sporting body, but as operating within a broader political environment. Given the history of Russian-linked cyber activity targeting past Olympic Games, the risk of state-aligned cyber operations cannot be discounted, potentially drawing on previously observed disruptive or influence-based tactics.

The exclusion of Russia from the Milan Cortina 2026 Winter Olympics carries significant symbolic weight, distinct from their absence at the Paris 2024 Summer Olympics. Because marquee events like ice hockey and figure skating are so deeply embedded in Russian national pride, their absence is felt more profoundly than exclusion from Summer sports. Given the particular prominence of winter sports in Russia's national sporting identity, this banishment from a flagship event may intensify perceptions and influence responses concerning the upcoming Winter Games.

Considering the aforementioned, we’re looking at the potential threat picture as a combination of separate or complementary attacks:

• Kinetic Cyber Effects on Critical Infrastructure: The possible deployment of destructive malware targeting operational technology essential to venue operations to affect configurations and paralyze infrastructure. Specific targets could include the power grid in the Dolomites, snow-making equipment, and scoring networks; systems where a compromise would cause immediate physical disruption and event interruption or cancellation.
• Exploiting the V2X “Smart Road” Attack Surface: The digitization of Smart Road SS51 Alemagna toward Cortina, creates a large, novel vulnerability through its vehicle-to-infrastructure (V2I). The road relies on smart poles with cameras, fiber optics and internet-of-things (IoT) sensors, creating a potential attack surface where threat actors could inject false telemetry or hijack Variable message Signs (VMS) weaponizing traffic patterns to cause gridlock or endanger drivers in transit.
• AI Amplified Hybrid Threats and Deepfakes: Generative AI will likely serve as a force multiplier for physical or cyber attacks, which could amplify confusion into panic. In a hybrid scenario, threat actors could combine a cyber-based disruption with the release of high-fidelity deepfake audio or video depicting a catastrophic event. This technique would flood social media and alert channels with disinformation transforming a minor technical outage into a public safety crisis.
• Geopolitical Information Warfare (IO): Threat actors are likely to exploit public interest in the Olympics to disseminate narratives and disinformation. This could include creating websites that imitate legitimate media sources, with the goal of targeting audiences and disparaging the IOC and Western nations.
• Strategic Hack-and-Leak Operations: High-profile attendees, IOC officials and anti-doping agencies face a high risk of “weaponized transparency”, stealing data for political leverage. Through targeting phishing and social engineering, threat actors will focus on private emails and therapeutic use exemptions intended to manufacture scandal, embarrass host organizers and undermine the credibility of the Games.

It’s time to accept that for the Kremlin, disrupting these games is an acceptable measurable way to reclaim “Great Power” status they feel was unfairly taken. For cybersecurity professionals, the threat model has shifted significantly from espionage to disruption, necessitating a need to focus on resilience over protection of physical infrastructure.

For those defenders operating within the Games’ digital perimeter, the priority should be zero-trust visibility. Security teams must enforce anomaly detection to flag irregular behavior in IoT devices and apply strict telemetry verification to prevent spoofing. Critically, infrastructure must be micro-segmented ensuring a compromised edge device cannot move laterally to critical control systems.

Finally, organizations should implement content provenance measures to verify legitimate communications against AI-generated content, while maintaining heightened vigilance surrounding the probable surge in social engineering and event-related phishing campaigns.