Hacker attack on PA infrastructure, anti-terrorist Rome investigates

Anti-terrorism prosecutors in Rome have opened an investigation file in relation to the alleged attacks by Chinese hackers on Sistemi Informativi, the IBM company that manages the technological infrastructure for the public administration and large companies in Italia. The proceedings allege the crime of abusive access to a computer system. The attack may have been carried out by the Chinese crew Salt Typhoon. The magistrates, coordinated by the public prosecutor Francesco Lo Voi, are waiting for an initial report from the police to whom the investigation has been delegated. In addition to the company's own technicians, a team from the National Cybersecurity Agency is also at work to verify what happened, clean up and restore the systems' functionality.

"All the institutional actors competent actors are carrying out the procedures foreseen by the normative to define the contours of the attacks on the various systems concerned with the objective of protecting data and guaranteeing services". Thus the Minister for Public Administration, Paolo Zangrillo, who then continued: "The agency for cyber security, whose delegation resides in the Presidency of the Council, initiated all necessary action in a timely manner, working to define the origin and impact, if any, of the attackand to understand which elements of the systems involved may have been breached

Ibm clarifies that the incident was confined to the Information Systems environment. Based on the company's investigation, to date Ibm does not believe this activity is attributable to Salt Typhoon. Consistent with industry best practice, the company does not attribute the activity to a specific group, recognising that formal attribution requires evidentiary standards and intelligence sources beyond technical forensic analysis alone. However, following consultations with internal and external cybersecurity experts and partners, the company assesses that the observed activity is consistent with sophisticated cyber espionage behaviour. As for ransomware and extortion, the company emphasises that no ransomware was involved, and there was no extortion, encryption or blocking of systems associated with this incident. The company also makes it clear that the investigation did not identify any compromise of data or systems of public sector customers. All Sistemi Informativi customers were informed of the containment measures and were kept up-to-date on the results of the investigation, including the conclusion that no public sector customers were compromised. Systems at Sistemi Informativi," Ibm continued, "have been stabilised, affected services have been restored and we continue to monitor our environment as we complete the investigation, further strengthen protection measures and support affected customers.