Technical Report about the Malware used in the Cyberespionage against RUAG

23.05.16 - The Reporting and Analysis Center for Information Assurance (MELANI) was tasked by the Federal Council to produce a report about the technical findings concerning the RUAG Incident. It is targeted towards network security professionals and is meant to support those responsible for security identifying risks within their own networks, as well as implementing additional security measures.

During the collaboration between the Reporting and Analysis Center for Information Assurance (MELANI) and RUAG in the phase of first response, additional technical details about the malware used in this attack was found. These findings are now published in the following report. It shows the functioning of the malware, as well as possible security measure to either identify or mitigate this attack. Hence, the report also includes indicators of compromise, as well as more in-depth analysis concerning the attack vectors, lateral movement within the infected networks, the attacker’s infrastructure, as well as the techniques to exfiltration data.

The Federal Council decided, to make these findings public, in order to raise the overall security level, by publishing these technical indicators and conclusions, especially concerning this specific espionage case, as well as follow-ups in the future. Therefore, the report is aimed primarily at people in charge of information security within administration and private organizations, in order to heighten awareness and preventing such incidents. The report is meant to support those responsible identifying possible risks within their networks and implementing additional security measures if necessary. The use and implementation of the information and recommendation, lays with each’s individual responsibility.

Specialist staff
Last modification 05.01.2021

Top of page