Swiss government hit by double cyberattack: ransomware and DDoS

The Swiss government has disclosed that a recent ransomware attack on an IT supplier might have impacted its data, while days later, it warned that it was targeted in DDoS attacks.

The IT supplier in question is Xplain, a Swiss technology provider that supplies software solutions to various government departments, administrative units, and even the country’s military force. According to the government, Xplain was hit by a ransomware attack on May 23, 2023, by a group known as Play. The attackers encrypted Xplain’s network and stole some of the data, which they later posted on their leak site on June 1.

Read: Deepfake sextortion: FBI warns of new threat

The stolen data included documents with sensitive information about the Swiss federal administration, such as contracts, invoices, project plans, and correspondence. The government said that it was not aware of any misuse of the data so far, but it was taking the incident very seriously and conducting a thorough investigation.

“Clarifications are currently underway to determine the specific units and data concerned,” reads the press release published on the government portal. “Contrary to the initial findings and following recent in-depth clarifications, it has to be assumed that operational data could also be affected.”

Meanwhile, the Swiss government also announced that it was facing ongoing distributed denial-of-service (DDoS) attacks that were affecting some of its online services. The attacks started on June 12 and have been targeting various websites and portals of the federal administration. The attack was launched by NoName, a pro-Russian hacktivist group targeting NATO-aligned countries and entities in Europe, Ukraine, and North America since early 2022.

The government said it was working with its partners and service providers to mitigate the attacks and restore normal operations as soon as possible. It also urged Swiss companies to implement recommended measures and best practices to prevent ransomware attacks, such as patching systems, securing remote access connections, blocking dangerous email attachments, and making offline backups.

Keep in touch with our blog to read the latest news and innovations in the cybersecurity world.