IBM Italy subsidiary Sistemi Informativi suffered a significant cybersecurity breach in late April 2026, with intelligence sources linking the sophisticated attack to the China-affiliated espionage group Salt Typhoon.

Key Points

• IBM confirmed a security incident at its Sistemi Informativi unit, which manages critical IT infrastructure for Italian public and private institutions.
• Forensic investigations suggest the involvement of Salt Typhoon, a state-linked advanced persistent threat group active since 2019.
• The attackers reportedly utilized supply-chain vulnerabilities and zero-day exploits to infiltrate the network, mirroring tactics used against Viasat and various government entities.
• Sistemi Informativi’s systems were taken offline for several hours during containment, though IBM reports that services have since been restored.
• Salt Typhoon has previously targeted telecommunications, defense logistics, and government networks across the United States, Canada, and the Netherlands.

Why it Matters

This breach underscores the systemic risk posed by third-party IT providers, which serve as high-value gateways to sensitive government and industrial databases. As cyber espionage groups increasingly target infrastructure integrators, European nations face urgent pressure to enhance supply-chain security and cross-sector intelligence coordination.