The Swiss government has revealed that a recent ransomware attack on an IT vendor could have impacted its data, as today it warns it is now the target of DDoS attacks.
The situation reflects the complex threats faced by organizations and governments when using third-party services to host data and publicly expose services online.
Ransomware attack exposes data
Last Tuesday, the Swiss government revealed that it had been hit by a ransomware attack against Xplain, a Swiss technology provider providing software solutions to various government departments, administrative units and even the country’s military force.
The IT company was breached by the Play ransomware gang on May 23, 2023, with the threat actor claiming to have stolen various documents containing private and confidential data, financial and tax details, and more.
On June 1, 2023, the Play ransomware group released the entire dump, likely after failing to extort Xplain into paying a ransom.
The Swiss government now says that while investigations into the content and validity of the leaked data are still ongoing, it is likely that the attackers released data belonging to the federal administration.
“Clarifications are currently underway to determine the specific units and data affected,” reads the Press release published on the government portal.
“Contrary to initial findings and following recent extensive clarifications, it must be assumed that operational data could also be affected.”
A second press release published today on the Swiss government portal warns of problems accessing various websites of the federal administration, as well as its online services.
The reason for the outage is a DDoS (Distributed Denial of Service) attack launched by NoName, a pro-Russian hacktivist group targeting NATO-aligned countries and entities in Europe, Ukraine and North America since early 2022.
“Several federal government websites are/were down on Monday, June 12, 2023, due to a DDoS attack on their systems,” it read. the statement.
“Specialists from the federal administration quickly noticed the attack and are taking steps to restore the accessibility of websites and applications as soon as possible.”
According to the same press release, NoName attacked the Parliament’s website last week when its members discussed if the country gave up its neutrality to send aid to Ukraine.