242/69 Tuesday, May 5, 2026
In late April 2026, a cybersecurity incident targeted Sistemi Informativi, an IBM subsidiary responsible for managing critical IT infrastructure for government and industrial sectors in Italy. The incident raised concerns among security agencies and critical infrastructure providers, as the company’s systems are interconnected with multiple sectors across the country.
IBM confirmed that the incident was detected and contained, and that response measures were carried out in coordination with internal and external cybersecurity experts. The company stated that services have been restored to normal operations. However, details regarding the impact have not yet been disclosed, and the investigation remains ongoing. Intelligence sources have suggested a possible link to Salt Typhoon, a highly sophisticated advanced persistent threat (APT) group known for targeting critical infrastructure using zero-day vulnerabilities.
This incident underscores the risks associated with reliance on third-party providers in national critical systems. A breach affecting a single service provider can potentially grant attackers broad access to multiple organizations’ networks and data. It highlights the urgent need for European countries to strengthen cybersecurity measures and enhance collaboration between public and private sectors to address increasingly complex and evolving threats.