China-linked hackers remained inside computer systems connected to Italy’s public sector for nearly three weeks, raising serious concerns among authorities.
The main worry is not the risk of immediate disruptions, but rather the volume of data that may have been quietly extracted and could be weaponized in the future, according to Decode39.
For approximately twenty days, the attackers maintained access to the systems of an Italian company belonging to the IBM group, which is a key provider of digital infrastructure for government services.
The targeted environments were linked to major institutions, including social security and insurance agencies, as well as platforms supporting the country’s recovery and resilience programs. Although there is no direct evidence of large-scale data leaks, the duration and stealth of the operation suggest that some confidential information may have been accessed without detection.
Notably, this was not a destructive attack: the incident did not cause outages or visible malfunctions, and the public did not experience any consequences. The operation was conducted with the precision and restraint typical of long-term intelligence-gathering campaigns.
Investigators are examining a possible connection between the breach and the “Salt Typhoon” group, previously observed in espionage campaigns against Western infrastructure, particularly in the United States. While attribution has not been officially confirmed, the tactics are consistent with sophisticated targeted attacks: stealthy intrusion, lateral movement, and prolonged network presence. Such groups typically have significant resources and operate in the interests of a state.