Xplain cyberattack: 65,000 secret Swiss government files found on the darknet

The investigation of the attack will show how the hack will affect the national security of the country.

The Swiss National Cybersecurity Center (NCSC) has published a report on its investigation of the data leak that followed a ransomware attack on Xplain. As a result of the incident, thousands of confidential files of the federal government were affected.

Xplain is a Swiss provider of technologies and software solutions for various government departments, administrative divisions, and even the country's armed forces. It was attacked by the Play group on May 23, 2023.

The ransomware group claimed to have stolen documents containing confidential information and published the stolen data on its darknet site in early June. The Swiss government immediately launched an investigation and confirmed that the leaked data may include documents belonging to the Swiss Federal Administration.

On March 7, authorities announced that 65,000 government documents had been leaked as a result of the breach:
  • Of the nearly 1.3 million files stolen, about 5% (65,000 documents) are related to the Federal Administration;
  • Most of the files (95%) relate to administrative divisions of the Federal Ministry of Justice and Police (FDJP);
  • The Ministry of Defense, Public Protection and Sports (DDPS) was less affected, accounting for just over 3% of the leaked data;
  • About 5,000 documents contained confidential information, including personal data (names, email addresses, phone numbers, and addresses), technical details, classified information, and account passwords;
  • A small set of several hundred files contained documentation on the IT system, software, or data architecture, as well as passwords.

The authorities' investigation, which began on August 23, 2023, is expected to be completed by the end of March. Full results and recommendations on cybersecurity will be presented to the Federal Council.

The length of the investigation is explained by the complexity of analyzing unstructured data and the large volume of leaked data, which required considerable time and resources to sort documents related to the Federal Administration. In addition, the analysis of leaked data for evidence is legally complicated due to the need for coordination of actions and the participation of interdepartmental bodies, which inevitably delays the process.
 