IBM Italy Subsidiary 2026 Network Breach Reportedly Linked to Salt Typhoon
Published on May 6, 2026
Key Takeaways
- Confirmed cyber incident: IBM confirmed a security breach at its Italian subsidiary, Sistemi Informativi, on May 3, 2026.
- State-sponsored espionage: The Chinese threat group Salt Typhoon is reportedly linked to this ICT sector network intrusion.
- Operational service disruptions: The cyberattack caused technical issues and temporarily took the subsidiary's website offline.
Technology corporation IBM officially this month confirmed a targeted cyber incident affecting its Italy-based subsidiary, Sistemi Informativi. Current threat intelligence reportedly links this network breach to Salt Typhoon, a documented Chinese state-sponsored cyber espionage group.
This incident highlights the persistent targeting of the global information and communication technology (ICT) sector by advanced persistent threats.
Service Disruptions at Sistemi Informativi
Several reports link the Sistemi Informativi intrusion, first reported by La Repubblica, to Chinese hackers, specifically the Salt Typhoon group. Yet, attribution has not been officially confirmed as investigations are ongoing.
The network intrusion into Sistemi Informativi resulted in immediate and observable operational impacts. The IBM Italy subsidiary experienced notable service disruptions following the unauthorized access.
As a direct consequence of the security event, the subsidiary's primary website was temporarily taken offline. Operating in the critical ICT sector, Sistemi Informativi is a valuable target for state-sponsored cyberespionage campaigns seeking access to infrastructure.
Was IBM Italy Breached?
While IBM corporate security teams have officially confirmed the incident, the enterprise has not publicly disclosed the full scope of the network breach. At present, any potential data exfiltration resulting from the Salt Typhoon intrusion remains unverified.
Considering Salt Typhoon's hallmark is silent, and it uses vulnerabilities to gain initial access in confirmed European operations, CISOs are advised to:
- Review IT service providers' access, what security standards they are contractually required to meet, and whether you have audit rights to verify compliance
- Confirm patch currency on Citrix and Cisco infrastructure and review whether any anomalous access patterns coincide with the late April 2026 timeframe.
- Implement behavioral analytics that can identify slow data staging and exfiltration over time, rather than relying on signature-based detection.
Early this year, Salt Typhoon hacked the emails of the U.S. House Staff and maintained access for almost 1 year after hacking the U.S. National Guard in 2024. The same actor was confirmed to be behind the infamous AT&T and Verizon cyber attacks.
In January 2025, the U.S. Treasury Department sanctioned alleged hacker Yin Kecheng and Sichuan Juxinhe Network Technology Company, Ltd. for their connections with Salt Typhoon.
Related
Get expert insights on threats, breaches, scams, and security trends — delivered every Monday.
Most Popular
Get expert insights on threats, breaches, scams, and security trends — delivered every Monday.
Most Popular