Swiss government warns of ongoing DDoS attacks, data leak

The Swiss government has disclosed that a recent ransomware attack on an IT supplier might have impacted its data, while today, it warns that it is now targeted in DDoS attacks.

The situation reflects the complex threats affecting organizations and governments as they utilize third-party services to host data and publicly expose online services.

Ransomware attack exposes data

Last Tuesday, the Swiss government disclosed that they were impacted by a ransomware attack on Xplain, a Swiss technology provider supplying various government departments, administrative units, and even the country's military force with software solutions.

The IT company was breached by the Play ransomware gang on May 23rd, 2023, with the threat actor claiming to have stolen various documents containing private and confidential data, financial and taxation details, etc.

On June 1st, 2023, the Play ransomware group published the entire dump, presumably after failing to extort Xplain into paying a ransom.

The Swiss government now says that while investigations on the contents and validity of the leaked data are still underway, it is likely that the attackers posted data belonging to the Federal Administration.

"Clarifications are currently underway to determine the specific units and data concerned," reads the press release published on the government portal.

"Contrary to the initial findings and following recent in-depth clarifications, it has to be assumed that operational data could also be affected."

'NoName' DDoS

A second press release posted on the Swiss government portal today warns of access problems on various Federal Administration websites, as well as its online services.

The reason for this outage is a DDoS (distributed denial of service) attack launched by NoName, a pro-Russian hacktivist group targeting NATO-aligned countries and entities in Europe, Ukraine, and North America since early 2022.

"Several Federal Administration websites are/were inaccessible on Monday 12 June 2023, due to a DDoS attack on its systems," reads the statement.

"The Federal Administration's specialists quickly noticed the attack and are taking measures to restore accessibility to the websites and applications as quickly as possible."

According to the same press release, NoName attacked the parliament website last week when its members discussed whether the country abandoned its neutrality to send aid to Ukraine.