Swiss cybersecurity experts are still unable to explain how federal documents ended up on the dark web
Although the ransomware attack on Xplain, a Swiss software developer contracted by the country’s federal government, became known almost as it happened at the end of May 2023, a new report from the country’s National Cyber Security Center (NCSC) has shed further, disturbing light on the scale of the incident.
According to that report (via BleepingComputer), the NCSC believes that 1.3 million files were released by the threat actor, a ransomware group known as Play, in a package on the dark web.
65,000 of these files are considered ‘relevant’ to the Swiss government, with the vast majority (47,413) of these belonging directly to Xplain.
Explanation of ransomware attack
The NCSC also wrote about the challenges associated with determining file ownership and the specific nature of each compromised file. However, it revealed that the data contained employee details and passwords vulnerable to identity theft, technical specifications and unspecified ‘secret information’, and had determined how many files belonged to each of these categories.
Xplain, which describes itself as a “homeland security” company, has updated its own evolving statement about the attack in response to the report of February 8. It claims that after the attack it filed a criminal complaint and “rebuilt the entire IT infrastructure” in accordance with the NCSC’s recommendations.
Despite this, Xplain maintains that it is still unclear how the attack was made possible. Ransomware groups often exploit undisclosed vulnerabilities to gain unauthorized access to computer systems.
Most importantly, the company reports that it has not been significantly harmed financially by the event, which it attributes to its “diversified long-term business model” (which we think is business-speak for “fingers in many pies”) and “the benefits from damage insurance”.
All’s well that ends well, it seems, but since there’s a lot we don’t know about how the breach happened, this might not be the last we hear about the incident.