- There has been an extraordinary cyber attack on federal offices in Switzerland. This is reported by the newspaper “Le Temps”.
- The army, several cantonal police forces, customs, the Federal Office of Police (Fedpol) and private companies are affected.
- The attack went through a joint IT service provider.
- The Federal Office of Police confirmed the attack to Radio SRF. As of now, no Fedpol projects are affected.
On May 23, the IT service provider Xplain was attacked, the hacker group Play reported on the Darknet. Play are the same cybercriminals who recently attacked the Swiss media houses NZZ and CH-Media.
When asked by Radio SRF, Xplain confirmed the attack. Criminal charges have been filed and the National Cyber Security Center informed. The Interlaken-based company wrote in a statement that they did not allow themselves to be blackmailed by the criminals.
Hacked company with no access to operational data
Christoph Gnägi from the Federal Office of Police confirmed to Radio SRF that an attack had taken place. “We were informed by the company that they had fallen victim to a ransomware attack.”
He commented on the extent and severity of the attack as follows: “According to the current state of knowledge, no Fedpol projects are affected. The software service provider has no access to operational data.”
Assessment by SRF digital expert Guido Berger
Guido Berger does not classify the case as dangerous, but nevertheless warns:
“The authorities concerned say no active data has been stolen from active projects as far as they can tell. In that sense, it’s probably not a major accident. It must be said, however, that the outside company likely has information that is sensitive and that would potentially allow an attacker to break into a federal agency along the way. This additional know-how, which they may now have, poses a problem for future attacks.”
According to Gnägi, it is currently unknown whether and to what extent stolen data from Xplain’s customer correspondence will now be published. The IT company Xplain emphasizes that the encrypted and stolen data is not personal or case data of its customers.
Only a small part of the data published
The cybercriminals are said to have stolen thousands of documents in total. According to “Le Temps”, the haul is said to amount to around 900 gigabytes of data. A small part of it has now been published on the Darknet.
According to the media report, the data concerns IT projects. Cantonal police forces, customs and the army are also affected, as is the armaments company Ruag. Some agencies and companies had not directly confirmed the attack.