
IBM Italy Subsidiary Sistemi Informativi Hit by Suspected Salt Typhoon Cyberattack in Late April 2026

In late April 2026, IBM Italy’s subsidiary Sistemi Informativi suffered a breach suspected to be linked to the China‑linked espionage group Salt Typhoon. IBM contained the incident and launched a response while impact details remain unclear.

Peter Olaleru/3 min/US

Cybersecurity Editor


In late April 2026, IBM Italy’s subsidiary Sistemi Informativi suffered a breach suspected to be carried out by the China-linked espionage group Salt Typhoon. IBM contained the incident, restored services, and launched a forensic investigation while details on data exposure remain unclear.

Context

Sistemi Informativi manages IT infrastructure for Italian public agencies and private firms, making it a critical node in the nation’s digital backbone. The outage triggered alerts from Italy’s cybersecurity authority and raised concerns about third‑party risk in critical services.

Key Facts

IBM confirmed on its website that it “identified and contained a cybersecurity incident” and activated internal and external incident‑response teams. Intelligence sources cited by La Repubblica point to Salt Typhoon, a group active since 2019 that favors supply‑chain compromises and zero‑day exploits against Citrix and Cisco platforms. No public disclosure of compromised records or financial impact has been released.

What It Means

If Salt Typhoon gained access, attackers could map connections to government databases and potentially issue commands across linked systems, amplifying the breach’s reach. The incident underscores how compromising a single IT integrator can expose multiple downstream customers, a tactic frequently observed in Salt Typhoon’s operations against telecom and defense targets.

Mitigations

Defenders should prioritize patching known vulnerabilities in Citrix ADC (CVE-2023-3519) and Cisco ASA (CVE-2022-27518) that Salt Typhoon has exploited in prior campaigns. Implement network segmentation to isolate third‑party management interfaces from internal assets. Deploy detection rules for MITRE ATT&CK techniques T1190 (Exploit Public‑Facing Application) and T1078 (Valid Accounts) using EDR signatures that flag unusual credential usage and lateral movement. Enforce multi‑factor authentication on all privileged accounts and review third‑party access logs for anomalous data transfers.

Watch for further disclosures from IBM and Italian authorities on the scope of data exfiltration and any indicators of compromise released in the coming weeks.
