Chinese-linked cyber group breaches Italian IT firm managing public infrastructure
AI-generated from multiple sources. Verify before acting on this reporting.
ROME — A China-linked cyber espionage group known as Salt Typhoon successfully breached Sistemi Informativi, an Italian subsidiary of IBM that manages critical IT infrastructure for public and private institutions across the country. The intrusion was detected on May 3, 2026, marking a significant escalation in state-sponsored cyber activity targeting European critical infrastructure.
Sistemi Informativi provides essential technology services to government agencies, healthcare providers, and utility companies throughout Italy. Security experts confirmed the group gained unauthorized access to internal networks, though the extent of data exfiltration remains under investigation. The breach aligns with Salt Typhoon’s documented pattern of targeting telecommunications and infrastructure sectors to advance Chinese state interests.
The attack occurred during a period of heightened cyber tensions between Western nations and Beijing. Italian cybersecurity officials have not yet disclosed whether sensitive government data was compromised, but initial assessments indicate the group maintained persistent access for an undisclosed duration before detection. Systems were isolated immediately following the discovery, and forensic teams are working to determine the full scope of the intrusion.
IBM has not issued a public statement regarding the incident, but internal communications suggest the company is coordinating closely with Italian authorities. The breach represents one of the most significant cyber incidents involving Italian critical infrastructure in recent years. Previous Salt Typhoon operations have targeted telecommunications providers in North America and Southeast Asia, often exploiting vulnerabilities in network equipment to establish long-term access.
Italian officials are reviewing the incident as part of broader efforts to strengthen national cybersecurity defenses. The government has not confirmed whether the breach affected specific public services or led to operational disruptions. Questions remain regarding whether the group accessed classified information or whether the intrusion was part of a coordinated campaign targeting multiple European entities.
Cybersecurity researchers note that Salt Typhoon frequently uses sophisticated social engineering tactics and zero-day exploits to infiltrate high-value targets. The group’s ability to compromise a major IT service provider in Italy raises concerns about the vulnerability of interconnected critical infrastructure across the continent. Authorities are expected to release further details as the investigation progresses.