Swiss authorities are investigating a cyberattack that targeted the Bernese IT company Xplain, impacting several federal and cantonal government departments, including the police, army, customs, and the Federal Office of Police (Fedpol). The attack, attributed to the Play ransomware gang, led to the publication of allegedly stolen data from Fedpol and the Federal Office for Customs and Border Security (FOCBS) on a Darknet forum.
While Fedpol claimed that the accessed data was simulated, anonymous data used for testing purposes, the incident highlights the potential risks faced by critical security entities.
The attack was first reported by the Swiss newspaper Le Temps, which emphasized that it marks the first time multiple cantonal police forces, the Swiss army, and Fedpol have been indirectly affected by a cyberattack. All these major security players share a common IT service provider, Xplain, which fell victim to the hack.
The Play ransomware gang took responsibility for the breach, and it has been revealed that the attackers exploited a vulnerability in Xplain’s servers.
Although both Fedpol and the Federal Office for Customs and Border Security confirmed the attack, they attempted to downplay the incident. Fedpol stated that the threat actors only gained access to simulated data, and the projects of the agency remained unaffected.
However, the FOCBS acknowledged that data from its correspondence with clients were exposed. The investigation into the cyberattack is ongoing, with authorities working to determine the full extent of the breach and mitigate any potential consequences for national security.