Switzerland's National Cyber Security Centre (NCSC) has officially disclosed the aftermath of a ransomware attack against a major government IT provider, claiming that roughly 65,000 sensitive government data files were breached because of the incident.
As per the report, following the hacking attack on Xplain, a significant supplier of IT services to federal and cantonal authorities, the NCSC assumed oversight of incident management inside the Federal Administration and has released a report to determine its aftermath comprehensively.
(Photo: ROB ENGELAAR/ANP/AFP via Getty Images)
Sweden has grappled with disruptions in their online services following a ransomware attack attributed to a Russian hacker group.
Over 1.3 million files in the data package were made available on the darknet. Following the data download, all papers pertinent to the Federal Administration were methodically categorized and prioritized by the NCSC.
The findings indicated that about 65,000 documents, or 5% of the entire released data collection, contained data that was pertinent to the Federal Administration. About 14% (9,040) of these files belonged to the Federal Administration, whereas Xplain owned the majority of these files (47,413), accounting for almost 70% of the total.
Read Also: LoanDepot's Recent Cyberattack Victims Soar to 17 Million Customers Having Their Data Stolen
Leaked Government Files
About half of the Federal Administration's files contained sensitive material, including passwords, technical data, personal information, and classified information (5,182). 4,779 of these files contained personal information such as names, email addresses, phone numbers, and postal addresses.
Furthermore, 278 files had technical data, including software requirements, architectural specifications, and documentation on IT systems; 121 objects were categorized in compliance with the Information Protection Ordinance; and 4 objects included passcodes that could be read.
The Federal Office of Justice, Federal Office of Police, State Secretariat for Migration, and the internal IT service center ISC-FDJP accounted for around 95% of the Federal Administration's files. These units are the administrative branches of the Federal Department of Justice and Police (FDJP).
The Federal Department of Defence, Civil Protection and Sport (DDPS) is minimally affected in terms of volume, with just over 3% of the data, while the other departments are just slightly affected.
Year-Old Ransomware Attack
The ransomware group "Play" reportedly carried out the cyberattack on May 23, 2023, during which the gang was assumed to have grabbed the complete package of stolen data. DDoS assaults were reportedly launched against the online portal of the Swiss Federal Railways and the websites of the Swiss federal government in June 2023, rendering several websites inaccessible.
On June 12, 2023, the finance ministry announced that no data was lost in the hack and that "NoName," a pro-Russian group, was the source of the attack on its Telegram channel. On June 14, 2023, however, the ransomware gang "Play" posted the private government document on the darknet. This includes private and sensitive Federal Administration data as well as classified material.
After that, the NCSC oversaw the incident response, established a plan to restore system security, and thoroughly reviewed the material that had been made public.
According to Hackread, from June 2022 to October 2023, the "Play" ransomware group is thought to have its headquarters in Russia in charge of almost 300 successful attacks on companies and vital infrastructure across North America, South America, and Europe. The organization employs a two-pronged extortion strategy, starting with illegal access to third-party services like RDP and VPN.
Related Article: Cactus Ransomware Gang Is Extorting Schneider Electric After Stealing 1.5 TB of Data
