Ransomware attack in Swiss technology provider
The National Cyber Security Centre (NCSC) of Switzerland has released a report detailing its investigation into a significant data breach resulting from a ransomware attack on Xplain, a prominent Swiss technology and software provider catering to various government sectors, including administrative units and the military.
The attack, perpetrated by the Play ransomware gang on May 23, 2023, led to the unauthorized access and subsequent publication of sensitive federal government files on the darknet.
According to the Swiss government’s latest statement, approximately 65,000 government documents were compromised in the breach. Out of the 1.3 million files published by the ransomware group, around 5% were identified as relevant to the Federal Administration. The majority of these compromised files, constituting 95%, impacted administrative entities within the Federal Department of Justice and Police (FDJP), such as the Federal Office of Justice, the Federal Office of Police, the State Secretariat for Migration, and the internal IT service center ISC-FDJP. The Federal Department of Defence, Civil Protection and Sport (DDPS) was also affected, albeit to a lesser extent, comprising just over 3% of the leaked data.
The leaked documents contained a variety of sensitive information, including personal data such as names, email addresses, telephone numbers, and addresses, as well as technical details, classified information, and account passwords. Additionally, a smaller subset of files, numbering a few hundred, included IT system documentation, software data, and passwords.
The investigation into the breach, which commenced on August 23, 2023, is nearing completion, with the full results and cybersecurity recommendations slated to be presented to the Federal Council by the end of the month. The prolonged duration of the investigation is attributed to the intricate task of analyzing unstructured data and the substantial volume of leaked documents, necessitating significant time and resources to identify those pertinent to the Federal Administration. Furthermore, the legal complexities surrounding the analysis of confidential information require inter-agency coordination and participation, contributing to the prolonged investigative process.
