Attack on IBM Sistemi Informativi: the Chinese threat to Italian critical infrastructures
A recent cyberattack against IBM Sistemi Informativi, a key company for the digital management of the Italian Public Administration, has highlighted the growing threat posed by Chinese state actors against European critical infrastructures. The incident, which occurred in May 2026, underscored the vulnerability of digital supply chains and the need to strengthen national cyber defenses.
A sophisticated and targeted attack
Although specific technical details have not yet been disclosed, the attack appears to have been conducted with a high level of sophistication. IBM stated that the observed activity is consistent with advanced cyber espionage behaviors, although the company chose not to formally attribute the attack to a specific group.
Initially, the Chinese group Salt Typhoon was indicated as a possible culprit. This group, known for its advanced technical capabilities and the use of customized malware, has previously targeted critical infrastructures in Europe and the United States. However, IBM clarified that the attack was confined to the Sistemi Informativi environment and did not compromise the systems of public sector clients.
The broader context: Chinese pressure on European infrastructures
The attack on IBM Sistemi Informativi fits into a broader context of constant pressure exerted by Chinese state actors against European infrastructures and technological assets. In recent years, APT (Advanced Persistent Threat) groups aligned with China have no longer targeted only military or scientific infrastructures but, increasingly, "public-private hybrid" systems, where cooperation with the state makes the information they hold strategic.
Among the targets of these attacks are:
- Access to digital Public Administration (PA) services
- Telematic flows of social security entities such as INPS and INAIL
- Energy systems and critical infrastructures
The Chinese model of cyber espionage
China has developed a unique model of cyber espionage, combining plausible deniability and scalability through the use of private contractors operating on behalf of the government. A significant example is the case of Chinese engineer Xu Zewei, arrested in Italy in 2025 and subsequently extradited to the United States for his involvement in the Hafnium campaign, which compromised over 12,700 organizations worldwide.
This model allows China to:
- Maintain plausible deniability
- Operate with specialized teams on different fronts
- Collect technological know-how and monitor critical infrastructures
Implications for Italy
For Italy, the attack on IBM Sistemi Informativi represents a concerning signal of the vulnerability of national strategic digital infrastructures. A persistent compromise of the systems could have exposed:
- Citizen data
- Credentials
- Public contracts
The incident also highlighted the need to strengthen national defensive capabilities, from digital intelligence to the protection of ICT supply chains. Cooperation between the public and private sectors and the timely sharing of intelligence will be crucial to addressing this growing threat.
Strengthening cyber defenses
The security of supply chains, especially in sectors such as critical infrastructures, is crucial. The attack on IBM Sistemi Informativi underscores the importance of:
- Implementing advanced cloud security solutions
- Adopting zero trust strategies
- Strengthening cybersecurity in supply chains
- Investing in intrusion detection and response systems
Conclusions
The attack on IBM Sistemi Informativi is not an isolated episode but a signal of the growing pressure from Chinese state actors. For Italy, this represents a call to action to strengthen cyber defenses and protect national critical infrastructures. Cybersecurity is no longer an option but a strategic necessity to ensure the stability of institutions and the national economy.
The strategic impact of the attack on IBM Sistemi Informativi
The incident that hit IBM Sistemi Informativi reveals a concerning trend: the growing sophistication of cyberattacks against Italian critical infrastructures. The company, which manages systems for public entities and large national groups, represents a strategic target for anyone aiming to compromise the country's stability.
The vulnerabilities of digital supply chains
The attack highlights a critical point: the security of digital supply chains. Many companies, especially those operating in strategic sectors such as energy, telecommunications, and finance, depend on IT service providers. A successful attack against one of these providers can compromise the entire supply chain, creating a domino effect that is difficult to contain.
The role of the National Cybersecurity Agency
The intervention of the National Cybersecurity Agency (ACN) represents an important step in responding to the attack. The Agency is working to remediate and restore the compromised systems, but also to better understand the tactics used by the attackers. This episode underscores the importance of a national agency dedicated to cybersecurity, capable of coordinating responses and implementing preventive measures.
Implications for the private sector
The attack on IBM Sistemi Informativi should serve as a wake-up call for all Italian companies, regardless of the sector. IT infrastructures must be protected with the same attention given to physical plants. Investing in cybersecurity is no longer an option but a necessity to ensure operational continuity and the protection of sensitive data.
The need for an integrated national strategy
The complexity of the attack underscores the need for an integrated national strategy for cybersecurity. This requires not only investments in advanced technologies but also the training of specialized personnel and collaboration between the public and private sectors. Only a coordinated approach can ensure effective defense against increasingly sophisticated threats.
Future challenges
The landscape of cyber threats is constantly evolving. State actors and criminal groups are developing new tactics, exploiting zero-day vulnerabilities and emerging technologies. For Italy, the challenge will be to keep pace with these threats while ensuring the protection of critical infrastructures and the security of sensitive data.
Editorial Note and Disclaimer
The guides and content published on GoYou are the result of independent research and analysis activities, for informational, educational, and in-depth purposes.
GoYou does not constitute a journalistic publication or an editorial product pursuant to Law No. 62/2001 and does not engage in real-time information activities.
The GoYou project does not provide professional, technical, legal, or financial advice and disclaims all responsibility for the improper use of the information published.