A breach at Sistemi Informativi, an IBM Italy-owned infrastructure provider, has raised serious concern across Italy’s public-sector and critical infrastructure ecosystem. The company manages technology environments for key public and private institutions, making the incident far more consequential than a routine enterprise breach. The firm’s website was reportedly offline for hours during containment, underscoring the operational impact.
Italian reporting has linked the incident to possible activity by Salt Typhoon, a China-linked cyber-espionage group known for targeting telecommunications, defense logistics, government networks, and critical infrastructure. If confirmed, the attack would fit a broader pattern of sophisticated APT activity focused on silent persistence, supply-chain compromise, zero-day exploitation, and long-term infrastructure mapping rather than quick smash-and-grab theft. Because Sistemi Informativi sits inside Italy’s digital supply chain, compromise of this type could give attackers insight into interconnected government systems, service dependencies, trusted access paths, and sensitive infrastructure relationships.
This is exactly where organizations need a single unified security and infrastructure data lake, like NIKSUN, that delivers 100% visibility across networks, endpoints, identities, cloud, applications, and third-party connections. By consolidating packets, flows, logs, DNS, VPN activity, privileged access events, configuration changes, vulnerability data, and L2–L7 session analytics, defenders can detect stealthy APT behavior such as unusual admin access, covert command-and-control, slow data exfiltration, and lateral movement across managed environments. Powered by agentic AI orchestration, autonomous threat hunting, AI root-cause analysis, and automated containment, this unified platform turns fragmented telemetry into real-time situational awareness.