Understanding threat actor capabilities is only half the battle—the other half is knowing whether your organization is in their crosshairs. See how Bitsight threat intelligence helps you move from observation to action.
In late April 2026, Salt Typhoon was suspected in a breach of an IBM Italy subsidiary that manages IT infrastructure for Italian public and private-sector organizations. Attribution remains suspected, not confirmed.
Valid credentials
Native administrative tools
Create Account
Exfiltration Over Alternative Protocol
Obtain Capabilities Tool
Account Manipulation through SSH authorized keys
Data from Configuration Repository
Associated with long-running espionage operations
Linked to Sichuan Juxinhe Network Technology Co. LTD
Campaign activity continued into 2025 across telecom firms in the United States Europe Africa and Asia
Patch known vulnerabilities including older CVEs
Harden identity and access controls
Monitor for stealthy long-duration intrusions
Review use of valid credentials and native administrative tools
Understanding threat actor capabilities is only half the battle—the other half is knowing whether your organization is in their crosshairs. See how Bitsight threat intelligence helps you move from observation to action.