Play ransomware operators publish 65,000 Swiss government documents

The Swiss National Cyber Security Center (NCSC) has released the results of an investigation into a data leak that occurred last year as a result of a ransomware attack on the company Xplain. It turned out that thousands of confidential federal government files were affected during the incident.

The attack occurred in May 2023, when the operators of the Play ransomware hacked the IT company Xplain, which provides technology and software solutions to various government departments, administrative departments and even the country's armed forces.

The attackers said they stole various documents from the company containing personal and confidential data, financial and tax information, and so on. On June 1, 2023, the group published a complete dump of the stolen data on its darknet website, as it apparently could not force Xplain to pay the ransom.

Even then, Swiss authorities warned that the attackers had probably leaked information belonging to the Swiss Federal Council into the public domain.

Last week, NCSC confirmed that approximately 65,000 government documents had been leaked as a result of the hack. The authorities attributed the length of the investigation to the complexity of analyzing unstructured data and the large volume of leaked material: sorting through the documents related to the government took a lot of time and resources.

In addition, the analysis of the leak was complicated from a legal point of view, since confidential information requires interdepartmental coordination, which also inevitably delays the process.

As a result, NCSC provides the following statistics:

  • of the 1.3 million files published by Play operators, about 5% (65,000 documents) were related to the Swiss Federal Council;
  • the majority (95%) of these files concern the administrative units of the Federal Department of Justice and Police (FDJP), including the Federal Office of Justice, the Federal Police Office, the State Secretariat for Migration, as well as the internal IT service center ISC-FDJP;
  • the Federal Department of Defense, Civil Defense and Sports (DDPS) was only slightly affected, accounting for about 3% of all stolen data;
  • another 5,000 documents contained a variety of sensitive information, including personal information (names, email addresses, phone numbers and addresses), technical details, sensitive information and account passwords;
  • several hundred files also contained documentation related to IT systems, software, architecture and passwords.

The administrative investigation is expected to be finalized by the end of March, and the full report will be submitted to the national government.
