On May 5, 2026, it was reported that hackers linked to China gained unauthorized access to critical systems within Italy's public infrastructure, specifically involving a key subsidiary of IBM known as Sistemi Informativi. The intrusion lasted for approximately 20 days and has elevated alarms among cybersecurity officials and government authorities due to the sensitive nature of the targeted systems.

Sistemi Informativi is integral to Italy's digital landscape, managing IT infrastructure for various public agencies and essential services, including social security and resilience programs. Investigators emphasize the gravity of the breach, highlighting that while there has been no immediate visible disruption to public services, the extensive duration of the intrusion suggests that substantial data could have been silently extracted, posing long-term security threats.

Although the attack did not cause direct operational failures or outages, its sophisticated nature has drawn comparisons to "long-term intelligence-gathering" campaigns typical of advanced persistent threat (APT) groups. The Salt Typhoon group, known for its espionage activities targeted at Western infrastructure, is suspected in this operation, although official attribution is still pending due to the complex circumstances surrounding the breach.

This incident marks a notable escalation in cyber operations directed at European infrastructure from state-linked entities. Security experts warn about the increasing challenges posed by reliance on third-party providers for critical services, underscoring the potential vulnerabilities that arise from such dependencies.

Italian authorities are currently coordinating with cybersecurity specialists to assess the breach’s full implications and ensure that effective countermeasures are in place to protect national interests. As investigations continue, the incident serves as a critical reminder of the growing importance of cybersecurity in safeguarding public services against foreign cyber threats.