08.06.2023 - Based on the information currently available, it appears that operational data of the Federal Administration could also be affected by the ransomware attack on the IT company Xplain, which resulted in some of the stolen data being published on the darknet. In-depth analyses are still ongoing.
Xplain, a Swiss provider of government software, has been the victim of a ransomware attack. After the stolen data had been encrypted and the company blackmailed, the attackers posted some of the stolen data on the darknet.
Xplain notified the National Cybersecurity Centre (NCSC) of the cyberincident and reported the criminal offence to the Bern Cantonal Police.
Xplain's clients also include various administrative units of the Federal Administration. Clarifications are currently under way to determine the specific units and data concerned. Contrary to the initial findings and following recent in-depth clarifications, it has to be assumed that operational data could also be affected. Based on the information currently available, the Federal Administration does not believe that the Xplain systems have direct access to the Confederation's systems.
The NCSC is coordinating further clarifications and measures within the Federal Administration. It is engaged in continuous exchanges with Xplain, as well as the prosecution authorities and the affected administrative units of the Federal Administration, and will inform the public of further findings in due course.
How ransomware attacks proceed in most cases:
After the attackers gain unauthorised access to a company's systems, the data is first stolen, then encrypted, and the company is blackmailed. If the company in question does not pay, the attackers threaten to publish the stolen data. If the company still does not respond to the blackmail, the data is usually published gradually in order to put the company under additional pressure.
Last modification 08.06.2023