Unit 42 researchers emphasize that the modern Olympic Games are perceived by attackers as a vast digital ecosystem, not a single event or organization.
The rest of the article is below the video:
“The attack surface today covers not only the infrastructure of the organizers, but also the systems of technology partners, service providers, transport operators, media and public institutions involved in the operation of the Games. As data from Palo Alto Networks show, nearly every fourth security incident in Europe starts at third parties, which means that weaker security measures from one supplier may become the entry point to systems crucial for the entire event,” we read in the analysis.
“Our analysts predict that the most frequently used attack vector during events of this scale remains phishing, which very often leads to a breach of corporate e-mail security. In 76 percent In phishing cases, attackers managed to gain access to systems through Business Email Compromise (BEC) attacks. These campaigns are based on carefully prepared messages impersonating management staff, business partners or suppliers, and their goals are, among others: approving false invoices, changing contractors' data, initiating unauthorized payments or bypassing multi-factor authentication mechanisms,” says Tomasz Pietrzyk, senior manager for technological solutions at Palo Alto Networks in Central and Eastern Europe.
See also: Giant data leak. List of websites
Unit 42 analysts also observe the growing number of so-called ClickFix campaigns, in which victims are encouraged to “solve the problem” reported in a false system message on their own. These types of messages may inform you about an expired password, a login error, or the need to pass a security test. Clicking on the attached link or performing the suggested action actually leads to downloading malware or sending credentials to crafted login pages. An increasingly used technique is SEO poisoning. Attackers create fake websites and manipulate their search engine positioning so that they appear high in users' search results. These websites often resemble legal login portals, technology partner websites or technical support websites. Interacting with them may lead to data theft, malware installation, or further escalation of the attack in the organization's environment.
What such a cyber attack might look like in practice is shown by an example from the 2018 Winter Olympics, when a cyber attack led to disruptions in the operation of key systems – from IT infrastructure, through access control systems, to applications used by participants and organizers. – we read in the report.
While that incident was primarily of a demonstrative and sabotage nature, today similar activities could be combined with data theft, financial fraud or influence operations, using much more advanced social engineering techniques and AI-based automation. In the context of the Milan-Cortina 2026 Winter Olympics, this means increased activity of both groups focused on quick financial gain and politically motivated actors for whom the games may become an opportunity for demonstrative attacks, espionage activities or undermining the credibility of the organizers and partners of the event.
How threatened is Poland?
“From Poland's perspective, the Winter Olympic Games will probably not be a source of new threats, but rather a catalyst for activities that are already underway. In the conditions of persistent geopolitical tensions, the country is facing an unprecedented intensity of cyberattacks targeting local companies and critical infrastructure, even before the start of the Olympic events. The Games as a global event with high media visibility may, in this context, become a convenient pretext for the escalation of phishing campaigns, BEC attacks and sabotage activities, which are already observed in Poland in practice. This dynamic was confirmed by the attempted coordinated attack on elements of the national energy infrastructure revealed at the end of 2025, which, according to government information, could have led to a domino effect and disruptions in energy supplies,” adds Tomasz Pietrzyk.
“Effective protection against this type of threats requires preparation long before the start of the Games, and from Poland's perspective – going beyond the standard framework of the approach to cybersecurity. This includes not only securing one's own infrastructure, but also safe separation of IT and OT systems, so that a potential attack on office networks cannot translate into the paralysis of public services or critical infrastructure. Active search for threats in the organization's networks, including the detection of advanced attack techniques hidden under legal administrative tools, as well as consistent protection of users' identities based on strict Zero Trust principles – especially with regard to technical staff, who remain one of the main targets of advanced social engineering campaigns,” we also read in the Palo Alto Networks analysis.
