The Swiss government has announced that sensitive information from various federal offices has been impacted. This is the result of a ransomware attack on the third-party organization Radix, which is based in Zurich. The hackers stole data from the Radix systems and later leaked it on the dark web for free. The exposed data is being analyzed with the help of the country’s National Cyber Security Centre. This analysis will determine which government agencies in Switzerland have been impacted and to what specific effect.
The health organization issued a statement saying that Sarcoma ransomware affiliates compromised its systems on June 16th.
Sarcoma is a rapidly emerging ransomware group that began its operations in October of the previous year. This group quickly became one of the most active by claiming thirty-six victims in its very first month. Sarcoma gains access to its targets through phishing, older vulnerabilities, and various complex supply-chain attack vectors. In the last stage of the attack, the threat actor steals sensitive data and may also encrypt it.
The threat actor published the data stolen from Radix on their leak portal on the dark web. This data was published on June 29th, likely after extortion efforts to receive a ransom payment had failed. Sarcoma appears to have published a massive 1.3 terabyte archive of data on its extortion portal. This data archive included several document scans, financial records, contracts, and various private internal business communications.
Radix says it has informed all impacted individuals about the breach via personalized notifications sent out to them.
The Swiss government confirmed it had suffered a similar exposure via another third-party software services provider last year. That previous incident involved the provider Xplain, which was breached by the notorious Play ransomware group. It resulted in the leak of 65,000 documents relating to the Federal Administration in Switzerland. Radix has stated there is no evidence that sensitive data from its partner organizations was affected by this. The exact method of this specific attack is still under investigation by the agency and cybersecurity officials.