Chinese-linked Salt Typhoon suspected in Italy’s Sistemi Informativi breach

As reported by Security Affairs, a significant cybersecurity incident at Sistemi Informativi, an IBM Italy subsidiary, has raised alarms regarding the escalating activities of Chinese-linked cyber operations across Europe, with the group Salt Typhoon being a prime suspect.

The breach, which occurred in late April 2026, impacted Sistemi Informativi, a critical IT infrastructure provider for numerous Italian public and private entities. IBM confirmed the incident, stating that systems are now stable, but offered no details on the scope. Multiple intelligence sources suggest the China-linked cyber espionage group Salt Typhoon may be responsible.

Salt Typhoon, active since at least 2019, is known for its sophisticated attacks, often exploiting supply-chain vulnerabilities and zero-day exploits in systems like Citrix and Cisco. The group has previously targeted European telecom providers, Viasat, Canadian telecom firms, the U.S. Army National Guard, and Dutch government networks. If confirmed, this attack on Sistemi Informativi could expose sensitive data and provide attackers with access to Italy's critical digital infrastructure.

Source: Security Affairs