Pro-Russian Hacktivists Launch Sustained Cyber Campaign

Olympic Cyber Warfare

Since the 2026 Winter Olympics opened in Milan and Cortina d'Ampezzo on February 6, cybersecurity researchers have tracked a sustained campaign of pro-Russian hacktivist activity targeting Olympic infrastructure, Italian government websites, and diplomatic missions abroad. The dominant group, NoName057(16), has claimed responsibility for attacks against roughly 120 targets.

Italy's cybersecurity agency thwarted the attacks before they caused significant operational disruption, but the campaign highlights the reality that major international sporting events are now permanent targets for geopolitically motivated cyber operations.

Campaign Overview

Attribute	Detail
Primary Threat Actor	NoName057(16)
Attack Type	Distributed Denial of Service (DDoS)
Targets	~120 including Olympic venues, Italian consulates, hotels, government sites
Motivation	Retaliation for Italy's support of Ukraine
Duration	Ongoing since February 6, 2026
Impact	Limited — most attacks mitigated before causing disruption

Who Is NoName057(16)

NoName057(16) is the most prolific pro-Russian hacktivist group operating today. Key facts:

Active since March 2022, shortly after Russia's invasion of Ukraine
Operates the DDoSia crowdsourced attack platform, recruiting volunteers to amplify DDoS capacity
Primarily targets NATO member states and countries supporting Ukraine
Claims operations on Telegram with propaganda messaging
Has previously targeted government websites in Poland, Czech Republic, Lithuania, France, and now Italy

Target Breakdown

Facilities connected to the 2026 Winter Games venues
Hotels in Cortina d'Ampezzo housing athletes and officials
Transportation infrastructure serving Olympic sites

Diplomatic Missions

Italian consulates in Sydney, Toronto, and Paris
Government websites of Italian ministries

Propaganda Messaging

NoName057(16)'s Telegram claims describe the campaign as retaliation for:

Italy's ongoing military and financial support for Ukraine
The economic cost of hosting the Olympics
Italy's alignment with NATO cyber defense initiatives

The Russia Exclusion Factor

A critical context for this campaign: Russia is excluded from medal competition at the 2026 Winter Games. This changes the strategic calculus:

No reputational risk — With no Russian team competing, there is no disincentive from potentially disrupting the Games
Propaganda opportunity — Disrupting Western events aligns with Russia's information warfare objectives
Plausible deniability — Hacktivist groups provide a layer of separation from state-sponsored operations

Palo Alto's Unit 42 researchers note that Russia's exclusion "reduces the traditional deterrents tied to reputational or competitive consequences" that have historically constrained Olympic cyber operations.

Comparison to Previous Olympic Campaigns

Olympics	Threat Actor	Attack	Impact
2018 Pyeongchang	Russia (GRU)	Olympic Destroyer wiper malware	Disrupted opening ceremony IT systems
2021 Tokyo	Multiple state actors	450M attempted attacks	Largely mitigated
2022 Beijing	Multiple	Surveillance concerns, phishing	Athletes warned to use burner phones
2024 Paris	Pro-Russian hacktivists	DDoS, disinformation	Limited operational impact
2026 Milan-Cortina	NoName057(16)	Sustained DDoS campaign	~120 targets, limited disruption

Italy's Defensive Response

Italy's National Cybersecurity Agency (ACN) and partnering security organizations have successfully mitigated most attacks:

DDoS mitigation infrastructure absorbed attack traffic
Real-time monitoring enabled rapid response to new targets
International intelligence sharing provided early warning of planned attacks
No significant service disruptions reported at Olympic venues

What to Expect

The campaign is expected to continue through the closing ceremony on February 22. Security researchers warn of potential escalation tactics:

Combined operations — DDoS as distraction while attempting deeper intrusions
Supply chain targeting — Attacking vendors and service providers to Olympic organizers
Disinformation amplification — Using social media to exaggerate the impact of attacks
Post-Games targeting — Shifting to Italian government and infrastructure targets after the Olympics end

Key Takeaways

120+ targets hit by pro-Russian hacktivists since the Games opened
NoName057(16) is the primary actor, motivated by Italy's support for Ukraine
Russia's exclusion from competition removes traditional deterrents against cyber disruption
Italy's defenses have held — most attacks were mitigated before causing disruption
Every major international event is now a cyber target — Olympic cybersecurity is a permanent requirement

Sources

Olympic Cyber Warfare

Campaign Overview

Attribute	Detail
Primary Threat Actor	NoName057(16)
Attack Type	Distributed Denial of Service (DDoS)
Targets	~120 including Olympic venues, Italian consulates, hotels, government sites
Motivation	Retaliation for Italy's support of Ukraine
Duration	Ongoing since February 6, 2026
Impact	Limited — most attacks mitigated before causing disruption

Who Is NoName057(16)

NoName057(16) is the most prolific pro-Russian hacktivist group operating today. Key facts:

Active since March 2022, shortly after Russia's invasion of Ukraine
Operates the DDoSia crowdsourced attack platform, recruiting volunteers to amplify DDoS capacity
Primarily targets NATO member states and countries supporting Ukraine
Claims operations on Telegram with propaganda messaging
Has previously targeted government websites in Poland, Czech Republic, Lithuania, France, and now Italy

Target Breakdown

Facilities connected to the 2026 Winter Games venues
Hotels in Cortina d'Ampezzo housing athletes and officials
Transportation infrastructure serving Olympic sites

Diplomatic Missions

Italian consulates in Sydney, Toronto, and Paris
Government websites of Italian ministries

Propaganda Messaging

NoName057(16)'s Telegram claims describe the campaign as retaliation for:

Italy's ongoing military and financial support for Ukraine
The economic cost of hosting the Olympics
Italy's alignment with NATO cyber defense initiatives

The Russia Exclusion Factor

A critical context for this campaign: Russia is excluded from medal competition at the 2026 Winter Games. This changes the strategic calculus:

No reputational risk — With no Russian team competing, there is no disincentive from potentially disrupting the Games
Propaganda opportunity — Disrupting Western events aligns with Russia's information warfare objectives
Plausible deniability — Hacktivist groups provide a layer of separation from state-sponsored operations

Comparison to Previous Olympic Campaigns

Olympics	Threat Actor	Attack	Impact
2018 Pyeongchang	Russia (GRU)	Olympic Destroyer wiper malware	Disrupted opening ceremony IT systems
2021 Tokyo	Multiple state actors	450M attempted attacks	Largely mitigated
2022 Beijing	Multiple	Surveillance concerns, phishing	Athletes warned to use burner phones
2024 Paris	Pro-Russian hacktivists	DDoS, disinformation	Limited operational impact
2026 Milan-Cortina	NoName057(16)	Sustained DDoS campaign	~120 targets, limited disruption

Italy's Defensive Response

Italy's National Cybersecurity Agency (ACN) and partnering security organizations have successfully mitigated most attacks:

DDoS mitigation infrastructure absorbed attack traffic
Real-time monitoring enabled rapid response to new targets
International intelligence sharing provided early warning of planned attacks
No significant service disruptions reported at Olympic venues

What to Expect

The campaign is expected to continue through the closing ceremony on February 22. Security researchers warn of potential escalation tactics:

Combined operations — DDoS as distraction while attempting deeper intrusions
Supply chain targeting — Attacking vendors and service providers to Olympic organizers
Disinformation amplification — Using social media to exaggerate the impact of attacks
Post-Games targeting — Shifting to Italian government and infrastructure targets after the Olympics end

Key Takeaways

120+ targets hit by pro-Russian hacktivists since the Games opened
NoName057(16) is the primary actor, motivated by Italy's support for Ukraine
Russia's exclusion from competition removes traditional deterrents against cyber disruption
Italy's defenses have held — most attacks were mitigated before causing disruption
Every major international event is now a cyber target — Olympic cybersecurity is a permanent requirement

Pro-Russian Hacktivists Launch Sustained Cyber Campaign

Olympic Cyber Warfare

Campaign Overview

Who Is NoName057(16)

Target Breakdown

Diplomatic Missions

Propaganda Messaging

The Russia Exclusion Factor

Comparison to Previous Olympic Campaigns

Italy's Defensive Response

What to Expect

Key Takeaways

Sources

Bearlyfy Hits Russian Firms with Custom GenieLocker Ransomware

Iran-Linked Hackers Breach FBI Director's Personal Email, Hit Stryker With Wiper Attack

Pro-Ukraine Hacker Group Bearlyfy Targets Russian Companies with Custom Ransomware

Pro-Russian Hacktivists Launch Sustained Cyber Campaign

Olympic Cyber Warfare

Campaign Overview

Who Is NoName057(16)

Target Breakdown

Diplomatic Missions

Propaganda Messaging

The Russia Exclusion Factor

Comparison to Previous Olympic Campaigns

Italy's Defensive Response

What to Expect

Key Takeaways

Sources

Bearlyfy Hits Russian Firms with Custom GenieLocker Ransomware

Iran-Linked Hackers Breach FBI Director's Personal Email, Hit Stryker With Wiper Attack

Pro-Ukraine Hacker Group Bearlyfy Targets Russian Companies with Custom Ransomware

Olympic Cyber Warfare

Campaign Overview

Who Is NoName057(16)

Target Breakdown

Olympic-Related

Diplomatic Missions

Propaganda Messaging

The Russia Exclusion Factor

Comparison to Previous Olympic Campaigns

Italy's Defensive Response

What to Expect

Key Takeaways

Sources

Olympic Cyber Warfare

Campaign Overview

Who Is NoName057(16)

Target Breakdown

Olympic-Related

Diplomatic Missions

Propaganda Messaging

The Russia Exclusion Factor

Comparison to Previous Olympic Campaigns

Italy's Defensive Response

What to Expect

Key Takeaways

Sources