Cyberattack on IBM Information Systems: the Chinese threat to Italian digital infrastructures

A recent cyberattack against IBM Information Systems, a crucial company for the digital functioning of the Italian Public Administration, has highlighted the vulnerability of national critical infrastructures to advanced cyber threats. The incident, which occurred in May 2026, was attributed to hacker groups linked to China, although IBM avoided indicating a specific group.

Immediate response and ongoing investigations

The attack triggered a rapid response from Italian authorities. The Rome Anti-Terrorism Unit opened an investigation on May 5, while the ACN (National Cybersecurity Agency) and IBM Information Systems collaborated to contain the incident and restore the compromised systems.

The Chinese threat: a sophisticated and planned attack

Although no specific technical details have been disclosed, investigations suggest that the attack was carried out with advanced techniques, potentially exploiting zero-day vulnerabilities or custom malware. IBM stated that the incident remained confined to its internal systems, without compromising the data or services of public sector clients.

The event fits into a broader context of constant pressure from Chinese state actors against European infrastructures and technological assets. The complexity of the threat suggests a planned operation aimed not only at information theft but also at mapping digital supply chains, particularly those related to public data management and national logistics.

Salt Typhoon: one of the most dangerous APT groups

Among the main suspects is Salt Typhoon, one of the most sophisticated APT (Advanced Persistent Threat) groups in the cyber military apparatus of the People's Republic of China. Its campaigns are distinguished by:

  • High technical capability
  • Use of custom malware
  • Strategic focus on infrastructural and governmental targets

Salt Typhoon has previously targeted:

  • European telecommunications networks
  • An American satellite company (Viasat)
  • U.S. Army National Guard networks
  • Dutch government agencies and energy infrastructures

The Chinese model of cyber espionage: deniability and scalability

China uses a model of cyber espionage based on a network of private contractors operating on behalf of the government, ensuring:

  • Plausible deniability
  • Scalability and specialization

This approach was highlighted by the case of Chinese engineer Xu Zewei, arrested in Italy in 2025 and subsequently extradited to the United States. Xu allegedly participated in the Hafnium campaign (2020–2021), which exploited Microsoft Exchange Server vulnerabilities to compromise over 12,700 organizations.

Implications for Italy

The attack on Information Systems is a concerning signal of the vulnerability of Italy's strategic digital infrastructures. A persistent compromise of its systems could have exposed:

  • Citizen data
  • Credentials
  • Public contracts
  • Internal procedures of key entities such as INPS and INAIL

The incident underscores the urgent need to strengthen national defensive capabilities through:

  • Public-private cooperation
  • Timely intelligence sharing
  • Protection of ICT supply chains

Cybersecurity as a national priority

Europe and Italy have been paying for a historical underestimation of the cyber threat as an element of foreign policy and national security. The future of Italian cybersecurity will depend on the awareness that every cyberattack aims not only at data theft but also at the stability of the institutions and the national economy.

The European context and strategic implications

The attack on Information Systems fits into a broader framework of escalating cyber threats in Europe. In recent years, the continent has become a digital battlefield, with state and non-state actors targeting critical infrastructures and public-private hybrid systems. The particular attention towards companies that manage services for the public administration, such as Information Systems, reveals a targeted strategy to compromise the digital supply chain of European states.

The vulnerabilities of ICT supply chains

The episode underscores the crucial importance of protecting ICT supply chains. Companies operating in strategic sectors such as energy, telecommunications, and finance are often privileged access points for malicious actors. The compromise of a single link in the chain can have systemic repercussions, putting not only sensitive data but also the operational continuity of entire economic sectors at risk.

The challenges of coordinated response

The joint intervention of ACN, police forces, and IBM's internal teams demonstrates the need for a coordinated response to cyberattacks. However, managing crises of this type remains complex, especially when it comes to attributing responsibility for the attack with certainty. The lack of shared standards for formal attribution represents a significant challenge for security agencies and companies victimized by attacks.

Implications for national security

The attack highlights how cybersecurity must be considered an absolute priority for national security. The compromise of systems that manage sensitive data of the public administration can have serious consequences for institutional stability and the national economy. It is fundamental that European governments invest in cybersecurity capabilities and adopt international best practices.

Future prospects

The future of cybersecurity in Italy and Europe will depend on the ability to adapt to increasingly sophisticated threats. Collaboration between public and private sectors, intelligence sharing, and the adoption of international best practices will be key elements in addressing this challenge. Additionally, it will be necessary to develop rapid and coordinated response capabilities, able to limit damage and quickly restore the functionality of compromised systems.

Editorial Note and Disclaimer

The guides and content published on GoYou are the result of independent research and analysis activities, for informational, educational, and in-depth purposes.

GoYou does not constitute a journalistic publication or an editorial product pursuant to Law No. 62/2001 and does not perform real-time information activities.

The GoYou project does not provide professional, technical, legal, or financial advice and disclaims all responsibility for the improper use of the information published.
